Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v3.6 2012-07-05T20:43:59Z 2012-07-05T20:43:59Z Dmitry Kasatkin dmitry.kasatkin@intel.com 2012-06-25T09:18:21Z urn:sha1:417c6c8ee2eb6975f357d8975af94ba5fbeaf82d IMA auditing code was compiled even when CONFIG_AUDIT was not enabled. This patch compiles auditing code only when possible and enabled. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2012-07-05T20:43:57Z Dmitry Kasatkin dmitry.kasatkin@intel.com 2012-06-25T09:18:11Z urn:sha1:7ff2267af595e642f1009198ab49e86a239148fa Set ima_initialized only if initialization was successful. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2012-07-05T20:42:33Z Dmitry Kasatkin dmitry.kasatkin@intel.com 2012-06-25T09:18:09Z urn:sha1:8445d64dd761440fb5c73a2abba25009f4bf0e4c Exclude DEVPTS and BINFMT filesystems from the measurement policy. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2012-07-02T20:43:30Z Dmitry Kasatkin dmitry.kasatkin@intel.com 2012-06-25T09:18:10Z urn:sha1:c7de7adc18241a0eb10a6e1fed7cb1e01f53c85a IMA cannot be used as module and does not need __exit functions. Removed them. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2012-07-02T20:43:30Z Dmitry Kasatkin dmitry.kasatkin@intel.com 2012-01-30T00:19:08Z urn:sha1:0ea4f8ae416a9e8d15f4e20680879358f620e8b8 On ima_fs_init() error, free securityfs violations file. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> 2012-07-02T20:43:29Z Mimi Zohar zohar@linux.vnet.ibm.com 2012-06-20T13:32:55Z urn:sha1:08e1b76ae399a010c0d0916b125d75aed6961d16 The IMA measurement list contains filename hints, which can be ambigious without the full pathname. This patch replaces the filename hint with the full pathname, simplifying for userspace the correlating of file hash measurements with files. Change log v1: - Revert to short filenames, when full pathname is longer than IMA measurement buffer size. (Based on Dmitry's review) Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> 2012-05-16T00:36:41Z Mimi Zohar zohar@us.ibm.com 2012-05-15T01:50:11Z urn:sha1:fbbb456347b21279a379b42eeb31151c33d8dd49 When IMA was first upstreamed, the bprm filename and interp were always the same. Currently, the bprm->filename and bprm->interp are the same, except for when only bprm->interp contains the interpreter name. So instead of using the bprm->filename as the IMA filename hint in the measurement list, we could replace it with bprm->interp, but this feels too fragil. The following patch is not much better, but at least there is some indication that sometimes we're passing the filename and other times the interpreter name. Reported-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2012-02-28T00:01:15Z Randy Dunlap rdunlap@xenotime.net 2012-02-24T19:28:05Z urn:sha1:a69f15890292b5449f9056b4bb322b044e6ce0c6 Fix IMA kconfig warning on non-X86 architectures: warning: (IMA) selects TCG_TIS which has unmet direct dependencies (TCG_TPM && X86) Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Reported-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2012-02-16T01:01:42Z Eric Paris eparis@redhat.com 2012-02-14T22:11:07Z urn:sha1:b0d5de4d58803bbcce2b8175a8dd21c559a3abc1 The audit res field ususally indicates success with a 1 and 0 for a failure. So make IMA do it the same way. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 2012-02-09T06:02:34Z James Morris jmorris@namei.org 2012-02-09T06:02:34Z urn:sha1:9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c