www.infradead.org Git - nvme.git/commit

author	Mimi Zohar <zohar@linux.ibm.com>
	Mon, 27 Jan 2025 15:45:48 +0000 (10:45 -0500)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Thu, 27 Mar 2025 16:40:12 +0000 (12:40 -0400)
commit	a414016218ca97140171aa3bb926b02e1f68c2cc
tree	a04429b21fb96d9eed41200ccb31eb16b03ad847	tree
parent	5b3cd801155f0b34b0b95942a5b057c9b8cad33e	commit \| diff

ima: limit the number of ToMToU integrity violations

Each time a file in policy, that is already opened for read, is opened
for write, a Time-of-Measure-Time-of-Use (ToMToU) integrity violation
audit message is emitted and a violation record is added to the IMA
measurement list. This occurs even if a ToMToU violation has already
been recorded.

Limit the number of ToMToU integrity violations per file open for read.

Note: The IMA_MAY_EMIT_TOMTOU atomic flag must be set from the reader
side based on policy. This may result in a per file open for read
ToMToU violation.

Since IMA_MUST_MEASURE is only used for violations, rename the atomic
IMA_MUST_MEASURE flag to IMA_MAY_EMIT_TOMTOU.

Cc: stable@vger.kernel.org # applies cleanly up to linux-6.6
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Tested-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

security/integrity/ima/ima.h		diff \| blob \| history
security/integrity/ima/ima_main.c		diff \| blob \| history