linux/security/integrity, branch v3.5.2 Linux kernel source tree https://git.amat.us/linux/atom/security/integrity?h=v3.5.2 2012-05-16T00:36:41Z ima: fix filename hint to reflect script interpreter name 2012-05-16T00:36:41Z Mimi Zohar zohar@us.ibm.com 2012-05-15T01:50:11Z urn:sha1:fbbb456347b21279a379b42eeb31151c33d8dd49 When IMA was first upstreamed, the bprm filename and interp were always the same. Currently, the bprm->filename and bprm->interp are the same, except for when only bprm->interp contains the interpreter name. So instead of using the bprm->filename as the IMA filename hint in the measurement list, we could replace it with bprm->interp, but this feels too fragil. The following patch is not much better, but at least there is some indication that sometimes we're passing the filename and other times the interpreter name. Reported-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com> security: fix ima kconfig warning 2012-02-28T00:01:15Z Randy Dunlap rdunlap@xenotime.net 2012-02-24T19:28:05Z urn:sha1:a69f15890292b5449f9056b4bb322b044e6ce0c6 Fix IMA kconfig warning on non-X86 architectures: warning: (IMA) selects TCG_TIS which has unmet direct dependencies (TCG_TPM && X86) Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Reported-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com> IMA: fix audit res field to indicate 1 for success and 0 for failure 2012-02-16T01:01:42Z Eric Paris eparis@redhat.com 2012-02-14T22:11:07Z urn:sha1:b0d5de4d58803bbcce2b8175a8dd21c559a3abc1 The audit res field ususally indicates success with a 1 and 0 for a failure. So make IMA do it the same way. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> Merge branch 'next-queue' into next 2012-02-09T06:02:34Z James Morris jmorris@namei.org 2012-02-09T06:02:34Z urn:sha1:9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c ima: policy for RAMFS 2012-01-20T02:30:21Z Dmitry Kasatkin dmitry.kasatkin@intel.com 2011-10-18T11:16:28Z urn:sha1:4c2c392763a682354fac65b6a569adec4e4b5387 Don't measure ramfs files. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> ima: fix Kconfig dependencies 2012-01-20T02:30:09Z Fabio Estevam festevam@gmail.com 2012-01-05T14:49:54Z urn:sha1:f4a0391dfa91155bd961673b31eb42d9d45c799d Fix the following build warning: warning: (IMA) selects TCG_TPM which has unmet direct dependencies (HAS_IOMEM && EXPERIMENTAL) Suggested-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Cc: <stable@vger.kernel.org> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> ima: fix cred sparse warning 2012-01-19T04:59:11Z Mimi Zohar zohar@linux.vnet.ibm.com 2012-01-18T03:11:28Z urn:sha1:3db59dd93309710c40aaf1571c607cb0feef3ecb Fix ima_policy.c sparse "warning: dereference of noderef expression" message, by accessing cred->uid using current_cred(). Changelog v1: - Change __cred to just cred (based on David Howell's comment) Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-01-18T00:43:39Z Linus Torvalds torvalds@linux-foundation.org 2012-01-18T00:43:39Z urn:sha1:a25a2b84098eb5e001cb8086603d692aa95bf2ec * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: integrity: digital signature config option name change lib: Removed MPILIB, MPILIB_EXTRA, and SIGNATURE prompts lib: MPILIB Kconfig description update lib: digital signature dependency fix lib: digital signature config option name change encrypted-keys: fix rcu and sparse messages keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages KEYS: Add missing smp_rmb() primitives to the keyring search code TOMOYO: Accept \000 as a valid character. security: update MAINTAINERS file with new git repo integrity: digital signature config option name change 2012-01-17T23:46:27Z Dmitry Kasatkin dmitry.kasatkin@intel.com 2012-01-17T15:12:07Z urn:sha1:f1be242c95257b199d8b679bc952ca33487c9af6 Similar to SIGNATURE, rename INTEGRITY_DIGSIG to INTEGRITY_SIGNATURE. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: James Morris <jmorris@namei.org> lib: digital signature config option name change 2012-01-17T23:46:21Z Dmitry Kasatkin dmitry.kasatkin@intel.com 2012-01-17T15:12:03Z urn:sha1:5e8898e97a5db4125d944070922164d1d09a2689 It was reported that DIGSIG is confusing name for digital signature module. It was suggested to rename DIGSIG to SIGNATURE. Requested-by: Linus Torvalds <torvalds@linux-foundation.org> Suggested-by: Pavel Machek <pavel@ucw.cz> Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: James Morris <jmorris@namei.org>