Loading Documentation/ABI/testing/evm 0 → 100644 +23 −0 Original line number Diff line number Diff line What: security/evm Date: March 2011 Contact: Mimi Zohar <zohar@us.ibm.com> Description: EVM protects a file's security extended attributes(xattrs) against integrity attacks. The initial method maintains an HMAC-sha1 value across the extended attributes, storing the value as the extended attribute 'security.evm'. EVM depends on the Kernel Key Retention System to provide it with a trusted/encrypted key for the HMAC-sha1 operation. The key is loaded onto the root's keyring using keyctl. Until EVM receives notification that the key has been successfully loaded onto the keyring (echo 1 > <securityfs>/evm), EVM can not create or validate the 'security.evm' xattr, but returns INTEGRITY_UNKNOWN. Loading the key and signaling EVM should be done as early as possible. Normally this is done in the initramfs, which has already been measured as part of the trusted boot. For more information on creating and loading existing trusted/encrypted keys, refer to: Documentation/keys-trusted-encrypted.txt. (A sample dracut patch, which loads the trusted/encrypted key and enables EVM, is available from http://linux-ima.sourceforge.net/#EVM.) Documentation/kernel-parameters.txt +6 −0 Original line number Diff line number Diff line Loading @@ -48,6 +48,7 @@ parameter is applicable: EDD BIOS Enhanced Disk Drive Services (EDD) is enabled EFI EFI Partitioning (GPT) is enabled EIDE EIDE/ATAPI support is enabled. EVM Extended Verification Module FB The frame buffer device is enabled. GCOV GCOV profiling is enabled. HW Appropriate hardware is enabled. Loading Loading 
@@ -758,6 +759,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. This option is obsoleted by the "netdev=" option, which has equivalent usage. See its documentation for details. evm= [EVM] Format: { "fix" } Permit 'security.evm' to be updated regardless of current integrity status. failslab= fail_page_alloc= fail_make_request=[KNL] Loading fs/attr.c +4 −1 Original line number Diff line number Diff line Loading @@ -13,6 +13,7 @@ #include <linux/fsnotify.h> #include <linux/fcntl.h> #include <linux/security.h> #include <linux/evm.h> /** * inode_change_ok - check if attribute changes to an inode are allowed Loading Loading @@ -237,8 +238,10 @@ int notify_change(struct dentry * dentry, struct iattr * attr) else error = simple_setattr(dentry, attr); if (!error) if (!error) { fsnotify_change(dentry, ia_valid); evm_inode_post_setattr(dentry, ia_valid); } return error; } Loading fs/btrfs/xattr.c +25 −25 Original line number Diff line number Diff line Loading 
@@ -374,36 +374,36 @@ int btrfs_removexattr(struct dentry *dentry, const char *name) XATTR_REPLACE); } int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, struct inode *inode, struct inode *dir, const struct qstr *qstr) int btrfs_initxattrs(struct inode *inode, const struct xattr *xattr_array, void *fs_info) { int err; size_t len; void *value; char *suffix; const struct xattr *xattr; struct btrfs_trans_handle *trans = fs_info; char *name; int err = 0; err = security_inode_init_security(inode, dir, qstr, &suffix, &value, &len); if (err) { if (err == -EOPNOTSUPP) return 0; return err; } name = kmalloc(XATTR_SECURITY_PREFIX_LEN + strlen(suffix) + 1, GFP_NOFS); for (xattr = xattr_array; xattr->name != NULL; xattr++) { name = kmalloc(XATTR_SECURITY_PREFIX_LEN + strlen(xattr->name) + 1, GFP_NOFS); if (!name) { err = -ENOMEM; } else { break; } strcpy(name, XATTR_SECURITY_PREFIX); strcpy(name + XATTR_SECURITY_PREFIX_LEN, suffix); err = __btrfs_setxattr(trans, inode, name, value, len, 0); strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name); err = __btrfs_setxattr(trans, inode, name, xattr->value, xattr->value_len, 0); kfree(name); if (err < 0) break; } kfree(suffix); kfree(value); return err; } int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, struct inode *inode, struct inode *dir, const struct qstr *qstr) { return security_inode_init_security(inode, dir, qstr, &btrfs_initxattrs, trans); } fs/ext2/xattr_security.c +18 −16 Original line number Diff line number Diff line Loading 
@@ -46,28 +46,30 @@ ext2_xattr_security_set(struct dentry *dentry, const char *name, value, size, flags); } int ext2_init_security(struct inode *inode, struct inode *dir, const struct qstr *qstr) int ext2_initxattrs(struct inode *inode, const struct xattr *xattr_array, void *fs_info) { int err; size_t len; void *value; char *name; const struct xattr *xattr; int err = 0; err = security_inode_init_security(inode, dir, qstr, &name, &value, &len); if (err) { if (err == -EOPNOTSUPP) return 0; return err; } for (xattr = xattr_array; xattr->name != NULL; xattr++) { err = ext2_xattr_set(inode, EXT2_XATTR_INDEX_SECURITY, name, value, len, 0); kfree(name); kfree(value); xattr->name, xattr->value, xattr->value_len, 0); if (err < 0) break; } return err; } int ext2_init_security(struct inode *inode, struct inode *dir, const struct qstr *qstr) { return security_inode_init_security(inode, dir, qstr, &ext2_initxattrs, NULL); } const struct xattr_handler ext2_xattr_security_handler = { .prefix = XATTR_SECURITY_PREFIX, .list = ext2_xattr_security_list, Loading Loading
Documentation/ABI/testing/evm 0 → 100644 +23 −0 Original line number Diff line number Diff line What: security/evm Date: March 2011 Contact: Mimi Zohar <zohar@us.ibm.com> Description: EVM protects a file's security extended attributes(xattrs) against integrity attacks. The initial method maintains an HMAC-sha1 value across the extended attributes, storing the value as the extended attribute 'security.evm'. EVM depends on the Kernel Key Retention System to provide it with a trusted/encrypted key for the HMAC-sha1 operation. The key is loaded onto the root's keyring using keyctl. Until EVM receives notification that the key has been successfully loaded onto the keyring (echo 1 > <securityfs>/evm), EVM can not create or validate the 'security.evm' xattr, but returns INTEGRITY_UNKNOWN. Loading the key and signaling EVM should be done as early as possible. Normally this is done in the initramfs, which has already been measured as part of the trusted boot. For more information on creating and loading existing trusted/encrypted keys, refer to: Documentation/keys-trusted-encrypted.txt. (A sample dracut patch, which loads the trusted/encrypted key and enables EVM, is available from http://linux-ima.sourceforge.net/#EVM.)
Documentation/kernel-parameters.txt +6 −0 Original line number Diff line number Diff line Loading @@ -48,6 +48,7 @@ parameter is applicable: EDD BIOS Enhanced Disk Drive Services (EDD) is enabled EFI EFI Partitioning (GPT) is enabled EIDE EIDE/ATAPI support is enabled. EVM Extended Verification Module FB The frame buffer device is enabled. GCOV GCOV profiling is enabled. HW Appropriate hardware is enabled. Loading Loading @@ -758,6 +759,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. This option is obsoleted by the "netdev=" option, which has equivalent usage. See its documentation for details. evm= [EVM] Format: { "fix" } Permit 'security.evm' to be updated regardless of current integrity status. failslab= fail_page_alloc= fail_make_request=[KNL] Loading
fs/attr.c +4 −1 Original line number Diff line number Diff line Loading @@ -13,6 +13,7 @@ #include <linux/fsnotify.h> #include <linux/fcntl.h> #include <linux/security.h> #include <linux/evm.h> /** * inode_change_ok - check if attribute changes to an inode are allowed Loading Loading @@ -237,8 +238,10 @@ int notify_change(struct dentry * dentry, struct iattr * attr) else error = simple_setattr(dentry, attr); if (!error) if (!error) { fsnotify_change(dentry, ia_valid); evm_inode_post_setattr(dentry, ia_valid); } return error; } Loading
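Review bot: The new evm_inode_post_setattr() call in notify_change() has no comment saying why it is confined to the success path and placed after fsnotify_change(); a reader of fs/attr.c gets no hint that EVM has to refresh 'security.evm' once the attribute change has been applied. Suggest a one-line comment above it along the lines of `/* attribute change applied: let EVM refresh the security.evm HMAC */`, worded to match what evm_inode_post_setattr() actually does — its body is not on this page. Because the fsnotify watcher is notified before EVM runs, a watcher that reads the xattr immediately may still see the pre-update value; if the HMAC also covers the changed inode attributes (the ABI text here only mentions xattrs), consider whether the two calls should be ordered the other way round. notify_change() begins outside the hunk.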
fs/btrfs/xattr.c +25 −25 Original line number Diff line number Diff line Loading @@ -374,36 +374,36 @@ int btrfs_removexattr(struct dentry *dentry, const char *name) XATTR_REPLACE); } int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, struct inode *inode, struct inode *dir, const struct qstr *qstr) int btrfs_initxattrs(struct inode *inode, const struct xattr *xattr_array, void *fs_info) { int err; size_t len; void *value; char *suffix; const struct xattr *xattr; struct btrfs_trans_handle *trans = fs_info; char *name; int err = 0; err = security_inode_init_security(inode, dir, qstr, &suffix, &value, &len); if (err) { if (err == -EOPNOTSUPP) return 0; return err; } name = kmalloc(XATTR_SECURITY_PREFIX_LEN + strlen(suffix) + 1, GFP_NOFS); for (xattr = xattr_array; xattr->name != NULL; xattr++) { name = kmalloc(XATTR_SECURITY_PREFIX_LEN + strlen(xattr->name) + 1, GFP_NOFS); if (!name) { err = -ENOMEM; } else { break; } strcpy(name, XATTR_SECURITY_PREFIX); strcpy(name + XATTR_SECURITY_PREFIX_LEN, suffix); err = __btrfs_setxattr(trans, inode, name, value, len, 0); strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name); err = __btrfs_setxattr(trans, inode, name, xattr->value, xattr->value_len, 0); kfree(name); if (err < 0) break; } kfree(suffix); kfree(value); return err; } int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, struct inode *inode, struct inode *dir, const struct qstr *qstr) { return security_inode_init_security(inode, dir, qstr, &btrfs_initxattrs, trans); }
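Review bot: btrfs_initxattrs() casts the opaque `void *fs_info` straight to `struct btrfs_trans_handle *` with nothing documenting that this is the callback contract with security_inode_init_security() — the same cookie btrfs_xattr_security_init() hands in as `trans` a few lines below — and ext2_initxattrs() in fs/ext2/xattr_security.c has the same undocumented signature (it passes NULL). Suggest a kernel-doc header on both callbacks stating that they are invoked by security_inode_init_security() with an array terminated by a NULL `name`, and that `fs_info` is whatever the filesystem passed in (the transaction handle for btrfs, unused for ext2). The old `-EOPNOTSUPP` short-circuit no longer appears in either callback, so it presumably moved into security_inode_init_security(); that function is not on this page, so confirm that callers still see "no LSM xattrs to set" as success. The kmalloc plus two strcpy() calls building the prefixed name could collapse to `name = kasprintf(GFP_NOFS, "%s%s", XATTR_SECURITY_PREFIX, xattr->name);`, which keeps the length computation and the copy in one place.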
fs/ext2/xattr_security.c +18 −16 Original line number Diff line number Diff line Loading @@ -46,28 +46,30 @@ ext2_xattr_security_set(struct dentry *dentry, const char *name, value, size, flags); } int ext2_init_security(struct inode *inode, struct inode *dir, const struct qstr *qstr) int ext2_initxattrs(struct inode *inode, const struct xattr *xattr_array, void *fs_info) { int err; size_t len; void *value; char *name; const struct xattr *xattr; int err = 0; err = security_inode_init_security(inode, dir, qstr, &name, &value, &len); if (err) { if (err == -EOPNOTSUPP) return 0; return err; } for (xattr = xattr_array; xattr->name != NULL; xattr++) { err = ext2_xattr_set(inode, EXT2_XATTR_INDEX_SECURITY, name, value, len, 0); kfree(name); kfree(value); xattr->name, xattr->value, xattr->value_len, 0); if (err < 0) break; } return err; } int ext2_init_security(struct inode *inode, struct inode *dir, const struct qstr *qstr) { return security_inode_init_security(inode, dir, qstr, &ext2_initxattrs, NULL); } const struct xattr_handler ext2_xattr_security_handler = { .prefix = XATTR_SECURITY_PREFIX, .list = ext2_xattr_security_list, Loading