diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2020-12-16 11:06:07 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-12-16 11:06:07 -0800 |
| commit | e20a9b92ddbfe662807622dbb28e1fbb6e0011aa (patch) | |
| tree | df1a16ed9cdd8ed83aacfa01f0f3498bf156c12d /security/smack | |
| parent | ca5b877b6ccc7b989614f3f541e9a1fe2ff7f75a (diff) | |
| parent | 207cdd565dfc95a0a5185263a567817b7ebf5467 (diff) | |
Merge tag 'integrity-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity subsystem updates from Mimi Zohar:
"Just three patches here. Other integrity changes are being upstreamed
via EFI (defines a common EFI secure and trusted boot IMA policy) and
BPF LSM (exporting the IMA file cache hash info based on inode).
The three patches included here:
- bug fix: fail calculating the file hash, when a file not opened for
read and the attempt to re-open it for read fails.
- defer processing the "ima_appraise" boot command line option to
avoid enabling different modes (e.g. fix, log) to when the secure
boot flag is available on arm.
- defines "ima-buf" as the default IMA buffer measurement template in
preparation for the builtin integrity "critical data" policy"
* tag 'integrity-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
ima: Don't modify file descriptor mode on the fly
ima: select ima-buf template for buffer measurement
ima: defer arch_ima_get_secureboot() call to IMA init time
Diffstat (limited to 'security/smack')
0 files changed, 0 insertions, 0 deletions