Linux kernel source tree https://git.amat.us/linux/atom/security/integrity/ima?h=v3.4.3 2012-02-28T00:01:15Z 2012-02-28T00:01:15Z Randy Dunlap rdunlap@xenotime.net 2012-02-24T19:28:05Z urn:sha1:a69f15890292b5449f9056b4bb322b044e6ce0c6 Fix IMA kconfig warning on non-X86 architectures: warning: (IMA) selects TCG_TIS which has unmet direct dependencies (TCG_TPM && X86) Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Reported-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2012-02-16T01:01:42Z Eric Paris eparis@redhat.com 2012-02-14T22:11:07Z urn:sha1:b0d5de4d58803bbcce2b8175a8dd21c559a3abc1 The audit res field ususally indicates success with a 1 and 0 for a failure. So make IMA do it the same way. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 2012-02-09T06:02:34Z James Morris jmorris@namei.org 2012-02-09T06:02:34Z urn:sha1:9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c 2012-01-20T02:30:21Z Dmitry Kasatkin dmitry.kasatkin@intel.com 2011-10-18T11:16:28Z urn:sha1:4c2c392763a682354fac65b6a569adec4e4b5387 Don't measure ramfs files. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 2012-01-20T02:30:09Z Fabio Estevam festevam@gmail.com 2012-01-05T14:49:54Z urn:sha1:f4a0391dfa91155bd961673b31eb42d9d45c799d Fix the following build warning: warning: (IMA) selects TCG_TPM which has unmet direct dependencies (HAS_IOMEM && EXPERIMENTAL) Suggested-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Cc: <stable@vger.kernel.org> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 2012-01-19T04:59:11Z Mimi Zohar zohar@linux.vnet.ibm.com 2012-01-18T03:11:28Z urn:sha1:3db59dd93309710c40aaf1571c607cb0feef3ecb Fix ima_policy.c sparse "warning: dereference of noderef expression" message, by accessing cred->uid using current_cred(). Changelog v1: - Change __cred to just cred (based on David Howell's comment) Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 2012-01-17T21:17:03Z Kees Cook keescook@chromium.org 2012-01-07T18:41:04Z urn:sha1:41fdc3054e23e3229edea27053522fe052d02ec2 The use of s_id should go through the untrusted string path, just to be extra careful. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: Eric Paris <eparis@redhat.com> 2011-12-20T03:07:54Z Roberto Sassu roberto.sassu@polito.it 2011-12-19T14:57:28Z urn:sha1:7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da Don't free a valid measurement entry on TPM PCR extend failure. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Cc: stable@vger.kernel.org 2011-12-20T03:04:32Z Roberto Sassu roberto.sassu@polito.it 2011-12-19T14:57:27Z urn:sha1:45fae7493970d7c45626ccd96d4a74f5f1eea5a9 Info about new measurements are cached in the iint for performance. When the inode is flushed from cache, the associated iint is flushed as well. Subsequent access to the inode will cause the inode to be re-measured and will attempt to add a duplicate entry to the measurement list. This patch frees the duplicate measurement memory, fixing a memory leak. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Cc: stable@vger.kernel.org 2011-11-02T16:45:39Z Linus Torvalds torvalds@linux-foundation.org 2011-11-02T16:45:39Z urn:sha1:de0a5345a55b8dd5a4695181275df0e691176830 * 'for-linus' of git://github.com/richardweinberger/linux: (90 commits) um: fix ubd cow size um: Fix kmalloc argument order in um/vdso/vma.c um: switch to use of drivers/Kconfig UserModeLinux-HOWTO.txt: fix a typo UserModeLinux-HOWTO.txt: remove ^H characters um: we need sys/user.h only on i386 um: merge delay_{32,64}.c um: distribute exports to where exported stuff is defined um: kill system-um.h um: generic ftrace.h will do... um: segment.h is x86-only and needed only there um: asm/pda.h is not needed anymore um: hw_irq.h can go generic as well um: switch to generic-y um: clean Kconfig up a bit um: a couple of missing dependencies... um: kill useless argument of free_chan() and free_one_chan() um: unify ptrace_user.h um: unify KSTK_... um: fix gcov build breakage ...