www.infradead.org Git - users/dwmw2/linux.git/commit

author	Linus Torvalds <torvalds@linux-foundation.org>
	Tue, 9 Jan 2024 21:24:06 +0000 (13:24 -0800)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Tue, 9 Jan 2024 21:24:06 +0000 (13:24 -0800)
commit	6c1dd1fe5d8a1d43ed96e2e0ed44a88c73c5c039
tree	08cf4521df75e4b7699f1abeb695985ce6ee26d9	tree
parent	e9b4c5890858015bfe2089b7573319bcf4a92907	commit \| diff
parent	c00f94b3a5be428837868c0f2cdaa3fa5b4b1995	commit \| diff

Merge tag 'integrity-v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

Pull integrity updates from Mimi Zohar:

- Add a new IMA/EVM maintainer and reviewer

- Disable EVM on overlayfs

   The EVM HMAC and the original file signatures contain filesystem
   specific metadata (e.g. i_ino, i_generation and s_uuid), preventing
   the security.evm xattr from directly being copied up to the overlay.
   Further before calculating and writing out the overlay file's EVM
   HMAC, EVM must first verify the existing backing file's
   'security.evm' value.

   For now until a solution is developed, disable EVM on overlayfs.

- One bug fix and two cleanups

* tag 'integrity-v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  overlay: disable EVM
  evm: add support to disable EVM on unsupported filesystems
  evm: don't copy up 'security.evm' xattr
  MAINTAINERS: Add Eric Snowberg as a reviewer to IMA
  MAINTAINERS: Add Roberto Sassu as co-maintainer to IMA and EVM
  KEYS: encrypted: Add check for strsep
  ima: Remove EXPERIMENTAL from Kconfig
  ima: Reword IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY

MAINTAINERS	diff1 \|	diff2 \|	blob \| history
fs/overlayfs/super.c	diff1 \|	diff2 \|	blob \| history
include/linux/fs.h	diff1 \|	diff2 \|	blob \| history
security/security.c	diff1 \|	diff2 \|	blob \| history