Google Git
Sign in
kernel / pub / scm / linux / kernel / git / zohar / linux-integrity / refs/heads/for-next-4.5
commit9b608bfe2d6c2d44a4da5be55be4718168287cef[log] [tgz]
authorDmitry Kasatkin <dmitry.kasatkin@huawei.com>Thu Oct 22 21:26:42 2015 +0300
committerMimi Zohar <zohar@linux.vnet.ibm.com>Thu Oct 29 06:56:21 2015 -0400
tree1fcd2efaf73e3ca49432d148d55694e8fb69bfdc
parent08944531df250c1f7f829e8e4313c0c390856bb7 [diff]
evm: reset EVM status when file attributes changes

EVM verification status is cached in iint->evm_status
and if it was successful, never re-verified again when
IMA passes 'iint' to evm_verifyxattr().

When file attribute or extended attributes changes we may
wish to re-verify EVM integrity as well. For example,
after setting digital signature we may need to re-verify
the signature and update iint->flags that there is EVM
signature.

This patch enables that by resetting evm_status to
INTEGRITY_UKNOWN state.

Changes in v2:
* Flag setting moved to EVM layer

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
1 file changed
tree: 1fcd2efaf73e3ca49432d148d55694e8fb69bfdc
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS