mirror of https://github.com/torvalds/linux.git
a414016218
Each time a file in policy, that is already opened for read, is opened for write, a Time-of-Measure-Time-of-Use (ToMToU) integrity violation audit message is emitted and a violation record is added to the IMA measurement list. This occurs even if a ToMToU violation has already been recorded. Limit the number of ToMToU integrity violations per file open for read. Note: The IMA_MAY_EMIT_TOMTOU atomic flag must be set from the reader side based on policy. This may result in a per file open for read ToMToU violation. Since IMA_MUST_MEASURE is only used for violations, rename the atomic IMA_MUST_MEASURE flag to IMA_MAY_EMIT_TOMTOU. Cc: stable@vger.kernel.org # applies cleanly up to linux-6.6 Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Tested-by: Petr Vorel <pvorel@suse.cz> Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| ima.h | ||
| ima_api.c | ||
| ima_appraise.c | ||
| ima_asymmetric_keys.c | ||
| ima_crypto.c | ||
| ima_efi.c | ||
| ima_fs.c | ||
| ima_iint.c | ||
| ima_init.c | ||
| ima_kexec.c | ||
| ima_main.c | ||
| ima_modsig.c | ||
| ima_mok.c | ||
| ima_policy.c | ||
| ima_queue.c | ||
| ima_queue_keys.c | ||
| ima_template.c | ||
| ima_template_lib.c | ||
| ima_template_lib.h | ||