Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/security/ipe
History
Linus Torvalds c832183148 ipe/stable-6.19 PR 20251202 
-----BEGIN PGP SIGNATURE-----
 
 iIcEABYIAC8WIQQzmBmZPBN6m/hUJmnyomI6a/yO7QUCaS+zQhEcd3VmYW5Aa2Vy
 bmVsLm9yZwAKCRDyomI6a/yO7TfdAP4ngYyNKMwefqmrwG7akL9sRCWEH4Y/ZM/Z
 ZwFw0waDkAEA5gV5LH6DJme9rBsXjC8wkOiiUOerqopIVKPMeYKCmAc=
 =sOI5
 -----END PGP SIGNATURE-----

Merge tag 'ipe-pr-20251202' of git://git.kernel.org/pub/scm/linux/kernel/git/wufan/ipe

Pull IPE udates from Fan Wu:
 "The primary change is the addition of support for the AT_EXECVE_CHECK
  flag. This allows interpreters to signal the kernel to perform IPE
  security checks on script files before execution, extending IPE
  enforcement to indirectly executed scripts.

  Update documentation for it, and also fix a comment"

* tag 'ipe-pr-20251202' of git://git.kernel.org/pub/scm/linux/kernel/git/wufan/ipe:
  ipe: Update documentation for script enforcement
  ipe: Add AT_EXECVE_CHECK support for script enforcement
  ipe: Drop a duplicated CONFIG_ prefix in the ifdeffery
 		2025-12-03 11:19:34 -08:00
..
.gitignore scripts: add boot policy generation program 2024-08-20 14:03:39 -04:00
Kconfig ipe: use SHA-256 library API instead of crypto_shash API 2025-07-28 18:54:18 -07:00
Makefile ipe: kunit test for parser 2024-08-20 14:03:43 -04:00
audit.c ipe: Add AT_EXECVE_CHECK support for script enforcement 2025-12-02 19:37:01 -08:00
audit.h ipe: add permissive toggle 2024-08-20 14:02:27 -04:00
digest.c ipe: add support for dm-verity as a trust provider 2024-08-20 14:02:45 -04:00
digest.h ipe: add support for dm-verity as a trust provider 2024-08-20 14:02:45 -04:00
eval.c ipe: enable support for fs-verity as a trust provider 2024-08-20 14:03:35 -04:00
eval.h ipe: enable support for fs-verity as a trust provider 2024-08-20 14:03:35 -04:00
fs.c ipe: move initcalls to the LSM framework 2025-10-22 19:24:25 -04:00
fs.h ipe: add userspace interface 2024-08-20 14:02:15 -04:00
hooks.c ipe/stable-6.19 PR 20251202 2025-12-03 11:19:34 -08:00
hooks.h ipe: Add AT_EXECVE_CHECK support for script enforcement 2025-12-02 19:37:01 -08:00
ipe.c ipe/stable-6.19 PR 20251202 2025-12-03 11:19:34 -08:00
ipe.h ipe: move initcalls to the LSM framework 2025-10-22 19:24:25 -04:00
policy.c ipe: add errno field to IPE policy load auditing 2025-05-27 18:08:51 -07:00
policy.h ipe: enable support for fs-verity as a trust provider 2024-08-20 14:03:35 -04:00
policy_fs.c ipe: don't bother with removal of files in directory we'll be removing 2025-06-17 18:10:53 -04:00
policy_parser.c ipe: enable support for fs-verity as a trust provider 2024-08-20 14:03:35 -04:00
policy_parser.h
policy_tests.c ipe: Add missing terminator to list of unit tests 2024-09-23 15:53:37 -04:00