releases/3.10.21/revert-ima-policy-for-ramfs.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 08de59eb144d7c41351a467442f898d720f0f15f Mon Sep 17 00:00:00 2001
 From: Mimi Zohar <zohar@linux.vnet.ibm.com>
 Date: Thu, 17 Oct 2013 07:34:02 -0400
 Subject: Revert "ima: policy for RAMFS"

 From: Mimi Zohar <zohar@linux.vnet.ibm.com>

 commit 08de59eb144d7c41351a467442f898d720f0f15f upstream.

 This reverts commit 4c2c392763a682354fac65b6a569adec4e4b5387.

 Everything in the initramfs should be measured and appraised,
 but until the initramfs has extended attribute support, at
 least measured.

 Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  security/integrity/ima/ima_policy.c |    1 -
  1 file changed, 1 deletion(-)

 --- a/security/integrity/ima/ima_policy.c
 +++ b/security/integrity/ima/ima_policy.c
 @@ -73,7 +73,6 @@ static struct ima_rule_entry default_rul
  	{.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC},
  	{.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC},
  	{.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC},
 -	{.action = DONT_MEASURE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC},
  	{.action = DONT_MEASURE,.fsmagic = DEVPTS_SUPER_MAGIC,.flags = IMA_FSMAGIC},
  	{.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC},
  	{.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
	From 08de59eb144d7c41351a467442f898d720f0f15f Mon Sep 17 00:00:00 2001
	From: Mimi Zohar <zohar@linux.vnet.ibm.com>
	Date: Thu, 17 Oct 2013 07:34:02 -0400
	Subject: Revert "ima: policy for RAMFS"

	From: Mimi Zohar <zohar@linux.vnet.ibm.com>

	commit 08de59eb144d7c41351a467442f898d720f0f15f upstream.

	This reverts commit 4c2c392763a682354fac65b6a569adec4e4b5387.

	Everything in the initramfs should be measured and appraised,
	but until the initramfs has extended attribute support, at
	least measured.

	Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	security/integrity/ima/ima_policy.c \| 1 -
	1 file changed, 1 deletion(-)

	--- a/security/integrity/ima/ima_policy.c
	+++ b/security/integrity/ima/ima_policy.c
	@@ -73,7 +73,6 @@ static struct ima_rule_entry default_rul
	{.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC},
	{.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC},
	{.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC},
	- {.action = DONT_MEASURE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC},
	{.action = DONT_MEASURE,.fsmagic = DEVPTS_SUPER_MAGIC,.flags = IMA_FSMAGIC},
	{.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC},
	{.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},