Linux kernel source tree https://git.amat.us/linux/atom/security/integrity?h=v3.4.9 2012-02-28T00:01:15Z 2012-02-28T00:01:15Z Randy Dunlap rdunlap@xenotime.net 2012-02-24T19:28:05Z urn:sha1:a69f15890292b5449f9056b4bb322b044e6ce0c6 Fix IMA kconfig warning on non-X86 architectures: warning: (IMA) selects TCG_TIS which has unmet direct dependencies (TCG_TPM && X86) Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Reported-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2012-02-16T01:01:42Z Eric Paris eparis@redhat.com 2012-02-14T22:11:07Z urn:sha1:b0d5de4d58803bbcce2b8175a8dd21c559a3abc1 The audit res field ususally indicates success with a 1 and 0 for a failure. So make IMA do it the same way. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 2012-02-09T06:02:34Z James Morris jmorris@namei.org 2012-02-09T06:02:34Z urn:sha1:9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c 2012-01-20T02:30:21Z Dmitry Kasatkin dmitry.kasatkin@intel.com 2011-10-18T11:16:28Z urn:sha1:4c2c392763a682354fac65b6a569adec4e4b5387 Don't measure ramfs files. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 2012-01-20T02:30:09Z Fabio Estevam festevam@gmail.com 2012-01-05T14:49:54Z urn:sha1:f4a0391dfa91155bd961673b31eb42d9d45c799d Fix the following build warning: warning: (IMA) selects TCG_TPM which has unmet direct dependencies (HAS_IOMEM && EXPERIMENTAL) Suggested-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Cc: <stable@vger.kernel.org> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 2012-01-19T04:59:11Z Mimi Zohar zohar@linux.vnet.ibm.com 2012-01-18T03:11:28Z urn:sha1:3db59dd93309710c40aaf1571c607cb0feef3ecb Fix ima_policy.c sparse "warning: dereference of noderef expression" message, by accessing cred->uid using current_cred(). Changelog v1: - Change __cred to just cred (based on David Howell's comment) Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 2012-01-18T00:43:39Z Linus Torvalds torvalds@linux-foundation.org 2012-01-18T00:43:39Z urn:sha1:a25a2b84098eb5e001cb8086603d692aa95bf2ec * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: integrity: digital signature config option name change lib: Removed MPILIB, MPILIB_EXTRA, and SIGNATURE prompts lib: MPILIB Kconfig description update lib: digital signature dependency fix lib: digital signature config option name change encrypted-keys: fix rcu and sparse messages keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages KEYS: Add missing smp_rmb() primitives to the keyring search code TOMOYO: Accept \000 as a valid character. security: update MAINTAINERS file with new git repo 2012-01-17T23:46:27Z Dmitry Kasatkin dmitry.kasatkin@intel.com 2012-01-17T15:12:07Z urn:sha1:f1be242c95257b199d8b679bc952ca33487c9af6 Similar to SIGNATURE, rename INTEGRITY_DIGSIG to INTEGRITY_SIGNATURE. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: James Morris <jmorris@namei.org> 2012-01-17T23:46:21Z Dmitry Kasatkin dmitry.kasatkin@intel.com 2012-01-17T15:12:03Z urn:sha1:5e8898e97a5db4125d944070922164d1d09a2689 It was reported that DIGSIG is confusing name for digital signature module. It was suggested to rename DIGSIG to SIGNATURE. Requested-by: Linus Torvalds <torvalds@linux-foundation.org> Suggested-by: Pavel Machek <pavel@ucw.cz> Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: James Morris <jmorris@namei.org> 2012-01-17T21:17:03Z Kees Cook keescook@chromium.org 2012-01-07T18:41:04Z urn:sha1:41fdc3054e23e3229edea27053522fe052d02ec2 The use of s_id should go through the untrusted string path, just to be extra careful. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: Eric Paris <eparis@redhat.com>