Mimi Zohar 76bda31c54 ima: relax requiring a file signature for new files with zero length ... [ Upstream commit b7e27bc1d42e8e0cc58b602b529c25cd0071b336 ] Custom policies can require file signatures based on LSM labels. These files are normally created and only afterwards labeled, requiring them to be signed. Instead of requiring file signatures based on LSM labels, entire filesystems could require file signatures. In this case, we need the ability of writing new files without requiring file signatures. The definition of a "new" file was originally defined as any file with a length of zero. Subsequent patches redefined a "new" file to be based on the FILE_CREATE open flag. By combining the open flag with a file size of zero, this patch relaxes the file signature requirement. Fixes: 1ac202e978e1 ima: accept previously set IMA_NEW_FILE Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2018-03-22 09:23:30 +01:00
..
evm	EVM: Use crypto_memneq() for digest comparisons	2016-02-17 12:31:04 -08:00
ima	ima: relax requiring a file signature for new files with zero length	2018-03-22 09:23:30 +01:00
digsig.c	integrity: prevent loading untrusted certificates on the IMA trusted keyring	2015-10-09 15:31:18 -04:00
digsig_asymmetric.c	integrity: do zero padding of the key id	2014-10-06 17:33:27 +01:00
iint.c	integrity: add validity checks for 'path' parameter	2015-05-21 13:59:28 -04:00
integrity.h	integrity: add validity checks for 'path' parameter	2015-05-21 13:59:28 -04:00
integrity_audit.c	Merge git://git.infradead.org/users/eparis/audit	2014-04-12 12:38:53 -07:00
Kconfig	kconfig: use bool instead of boolean for type definition attributes	2015-01-07 13:08:04 +01:00
Makefile	integrity: make integrity files as 'integrity' module	2014-09-09 10:28:58 -04:00