--- v6
+++ v3
@@ -11,16 +11,15 @@
appraisal verification of public keys (they are already verified by the key
subsystem).
-Patches 3-4 allow metadata verification to be turned off when no HMAC key
+Patches 3-5 allow metadata verification to be turned off when no HMAC key
is loaded and to use this mode in a safe way (by ensuring that IMA
revalidates metadata when there is a change).
-Patches 5-8 make portable signatures more usable if metadata verification
-is not turned off, by ignoring the INTEGRITY_NOLABEL and INTEGRITY_NOXATTS
-errors when possible, by accepting any metadata modification until
-signature verification succeeds (useful when xattrs/attrs are copied
-sequentially from a source) and by allowing operations that don't change
-metadata.
+Patches 6-8 make portable signatures more usable if metadata verification
+is not turned off, by ignoring the INTEGRITY_NOLABEL error when no HMAC key
+is loaded, by accepting any metadata modification until signature
+verification succeeds (useful when xattrs/attrs are copied sequentially
+from a source) and by allowing operations that don't change metadata.
Patch 9 makes it possible to use portable signatures when the IMA policy
requires file signatures and patch 10 shows portable signatures in the
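Review bot: the v6 wording on the - side of this hunk, "ignoring the INTEGRITY_NOLABEL and INTEGRITY_NOXATTS errors when possible", drops the condition that the v3 text spells out ("when no HMAC key is loaded"). This paragraph describes when an EVM verification error may be skipped, so the cover letter should name the condition rather than say "when possible"; the changelog's mention of evm_hmac_disabled() suggests it is still the absence of an HMAC key. The same line also misspells the second error as INTEGRITY_NOXATTS; the changelog entry under "v3:" spells it INTEGRITY_NOXATTRS.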
@@ -29,81 +28,14 @@
Lastly, patch 11 avoids undesired removal of security.ima when a file is
not selected by the IMA policy.
-Test:
-https://github.com/robertosassu/ima-evm-utils/blob/ima-evm-fixes-v6-devel-v1/tests/portable_signatures.test
-
-Test results:
-https://travis-ci.com/github/robertosassu/ima-evm-utils/jobs/503096506
-https://travis-ci.com/github/robertosassu/ima-evm-utils/jobs/503096510
-
-
-Changelog
-
-v5:
-- remove IMA xattr post hooks and call evm_revalidate() from pre hooks
- (suggested by Mimi)
-- rename evm_ignore_error_safe() to evm_hmac_disabled() and check the errors
- inline (suggested by Mimi)
-- improve readability of error handling in evm_verify_hmac() (suggested by Mimi)
-- don't show an error message if the EVM status is INTEGRITY_PASS_IMMUTABLE
- (suggested by Mimi)
-- check if CONFIG_FS_POSIX_ACL is defined in evm_xattr_acl_change() (reported
- by kernel test robot)
-- fix return value of evm_xattr_change() (suggested by Christian Brauner)
-- simplify EVM_ALLOW_METADATA_WRITES check in evm_write_key() (suggested by
- Mimi)
-
-v4:
-- add patch to pass mnt_userns to EVM inode set/remove xattr hooks
- (suggested by Christian Brauner)
-- pass mnt_userns to posix_acl_update_mode()
-- use IS_ERR_OR_NULL() in evm_xattr_acl_change() (suggested by Mimi)
-
-v3:
-- introduce evm_ignore_error_safe() to correctly ignore INTEGRITY_NOLABEL
- and INTEGRITY_NOXATTRS errors
-- fix an error in evm_xattr_acl_change()
-- replace #ifndef with !IS_ENABLED() in integrity_load_keys()
-- reintroduce ima_inode_removexattr()
-- adapt patches to apply on top of the idmapped mounts patch set
-
-v2:
-- replace EVM_RESET_STATUS flag with evm_status_revalidate()
-- introduce IMA post hooks ima_inode_post_setxattr() and
- ima_inode_post_removexattr()
-- remove ima_inode_removexattr()
-- ignore INTEGRITY_NOLABEL error if the HMAC key is not loaded
-
-v1:
-- introduce EVM_RESET_STATUS integrity flag instead of clearing IMA flag
-- introduce new template field evmsig
-- add description of evm_xattr_acl_change() and evm_xattr_change()
-
Roberto Sassu (11):
evm: Execute evm_inode_init_security() only when an HMAC key is loaded
evm: Load EVM key in ima_load_x509() to avoid appraisal
evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded
+ ima: Move ima_reset_appraise_flags() call to post hooks
evm: Introduce evm_status_revalidate()
- evm: Introduce evm_hmac_disabled() to safely ignore verification
- errors
+ evm: Ignore INTEGRITY_NOLABEL if no HMAC key is loaded
evm: Allow xattr/attr operations for portable signatures
- evm: Pass user namespace to set/remove xattr hooks
- evm: Allow setxattr() and setattr() for unmodified metadata
- ima: Allow imasig requirement to be satisfied by EVM portable
- signatures
- ima: Introduce template field evmsig and write to field sig as
- fallback
- ima: Don't remove security.ima if file must not be appraised
-
-Roberto Sassu (11):
- evm: Execute evm_inode_init_security() only when an HMAC key is loaded
- evm: Load EVM key in ima_load_x509() to avoid appraisal
- evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded
- evm: Introduce evm_status_revalidate()
- evm: Introduce evm_hmac_disabled() to safely ignore verification
- errors
- evm: Allow xattr/attr operations for portable signatures
- evm: Pass user namespace to set/remove xattr hooks
evm: Allow setxattr() and setattr() for unmodified metadata
ima: Allow imasig requirement to be satisfied by EVM portable
signatures
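Review bot: the v6 side of this hunk carries the "Roberto Sassu (11):" shortlog twice, once as the complete 11-entry list and again starting at the second "Roberto Sassu (11):" line with the same titles, so one copy should be dropped from the cover letter. The changelog headings are also ambiguous: the item "ignore INTEGRITY_NOLABEL error if the HMAC key is not loaded" sits under "v2:" while the matching patch title appears on the v3 side, so each heading seems to name the version that was changed rather than the version carrying the change. Headings of the form "v2 -> v3" would make that explicit.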
@@ -113,19 +45,21 @@
Documentation/ABI/testing/evm | 5 +-
Documentation/security/IMA-templates.rst | 4 +-
- include/linux/evm.h | 18 +-
+ fs/xattr.c | 2 +
+ include/linux/evm.h | 6 +
+ include/linux/ima.h | 19 ++-
include/linux/integrity.h | 1 +
- security/integrity/evm/evm_main.c | 227 ++++++++++++++++++++--
- security/integrity/evm/evm_secfs.c | 5 +-
- security/integrity/iint.c | 4 +-
- security/integrity/ima/ima_appraise.c | 43 ++--
+ security/integrity/evm/evm_main.c | 178 ++++++++++++++++++++--
+ security/integrity/evm/evm_secfs.c | 2 +-
+ security/integrity/iint.c | 2 +
+ security/integrity/ima/ima_appraise.c | 52 +++++--
security/integrity/ima/ima_init.c | 4 +
security/integrity/ima/ima_template.c | 2 +
- security/integrity/ima/ima_template_lib.c | 33 +++-
+ security/integrity/ima/ima_template_lib.c | 32 +++-
security/integrity/ima/ima_template_lib.h | 2 +
security/security.c | 4 +-
- 13 files changed, 304 insertions(+), 48 deletions(-)
+ 15 files changed, 275 insertions(+), 40 deletions(-)
--
-2.25.1
+2.27.GIT
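Review bot: the comparison runs from v6 to v3 (the headers read "--- v6" and "+++ v3"), so in this diffstat hunk fs/xattr.c and include/linux/ima.h show up as + lines although they are files the later version no longer touches, and the totals read as growing from 13 to 15 files. Regenerating with v3 as the old side and v6 as the new side would make the + lines describe what the newer revision adds. The final "2.25.1" / "2.27.GIT" pair is only the git version trailer of each cover letter and could be excluded from the comparison.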