.
getfattr -e text -n integrity.SMACK64 foo
# file: foo
integrity.SMACK64=hello world
Suggested-by: Casey Schaufler ca...@schaufler-ca.com
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@intel.com
---
fs/xattr.c | 22 +++---
include/uapi/linux/xattr.h |4
is reduced to 32 bits to save xattr space. Key search is done
using partial match functionality of asymmetric_key_match().
- Kconfig option title was changed
Signed-off-by: Dmitry Kasatkin
Acked-by: David Howells
---
security/integrity/Kconfig | 12
security/integrit
bits to save xattr space. Key search is done
using partial match functionality of asymmetric_key_match().
- Kconfig option title was changed
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@intel.com
Acked-by: David Howells dhowe...@redhat.com
---
security/integrity/Kconfig | 12
Signed-off-by: Dmitry Kasatkin
---
init/do_mounts.h |2 ++
init/initramfs.c |2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/init/do_mounts.h b/init/do_mounts.h
index f5b978a..11829eb 100644
--- a/init/do_mounts.h
+++ b/init/do_mounts.h
@@ -74,3 +74,5 @@ void
-tools hooks, for example, by creating
/etc/initramfs-tools/hooks/initramfs_sig.sh, and adding following lines there:
#!/bin/sh
. /usr/share/initramfs-tools/hook-functions
copy_exec /initramfs-sig.img
Signed-off-by: Dmitry Kasatkin
---
init/Kconfig |7 +++
init/Makefile
This an RFC for the signed initramfs images, which can be used to provide
verified initial user-space. Please read patch description for the detailed
explanation.
BR,
Dmitry
Dmitry Kasatkin (2):
export unpack_to_rootfs
initramfs with digital signature protection
init/Kconfig |7
This an RFC for the signed initramfs images, which can be used to provide
verified initial user-space. Please read patch description for the detailed
explanation.
BR,
Dmitry
Dmitry Kasatkin (2):
export unpack_to_rootfs
initramfs with digital signature protection
init/Kconfig |7
-tools hooks, for example, by creating
/etc/initramfs-tools/hooks/initramfs_sig.sh, and adding following lines there:
#!/bin/sh
. /usr/share/initramfs-tools/hook-functions
copy_exec /initramfs-sig.img
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@intel.com
---
init/Kconfig |7
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@intel.com
---
init/do_mounts.h |2 ++
init/initramfs.c |2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/init/do_mounts.h b/init/do_mounts.h
index f5b978a..11829eb 100644
--- a/init/do_mounts.h
+++ b/init/do_mounts.h
From: YOSHIFUJI Hideaki
digsig_verify_rsa() does not free kmalloc'ed buffer returned by
mpi_get_buffer().
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: Dmitry Kasatkin
Cc: sta...@vger.kernel.org
---
lib/digsig.c |2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/digsig.c b/lib
From: YOSHIFUJI Hideaki yoshf...@linux-ipv6.org
digsig_verify_rsa() does not free kmalloc'ed buffer returned by
mpi_get_buffer().
Signed-off-by: YOSHIFUJI Hideaki yoshf...@linux-ipv6.org
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@intel.com
Cc: sta...@vger.kernel.org
---
lib/digsig.c |2
e specific, binds integrity data to the
device. As a result data blocks and corresponding HMACs cannot simply be
copied over from other file systems.
Signed-off-by: Dmitry Kasatkin
---
Documentation/device-mapper/dm-integrity.txt | 137
drivers/md/Kconfig | 13 +
ed new option 'zero_on_error' to return zeroed block instead of an error
default behavior is to return an error
- improved error printing
-Dmitry
Dmitry Kasatkin (1):
dm-integrity: integrity protection device-mapper target
Documentation/device-mapper/dm-integrity.txt | 137
drive
'zero_on_error' to return zeroed block instead of an error
default behavior is to return an error
- improved error printing
-Dmitry
Dmitry Kasatkin (1):
dm-integrity: integrity protection device-mapper target
Documentation/device-mapper/dm-integrity.txt | 137
drivers/md/Kconfig
, binds integrity data to the
device. As a result data blocks and corresponding HMACs cannot simply be
copied over from other file systems.
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@intel.com
---
Documentation/device-mapper/dm-integrity.txt | 137
drivers/md/Kconfig
e specific, binds integrity data to the
device. As a result data blocks and corresponding HMACs cannot simply be
copied over from other file systems.
Signed-off-by: Dmitry Kasatkin
---
Documentation/device-mapper/dm-integrity.txt | 137
drivers/md/Kconfig | 13 +
yption.
I addressed all comments I got so far. Can it be now added to the DM tree?
- Dmitry
Dmitry Kasatkin (1):
dm-integrity: integrity protection device-mapper target
Documentation/device-mapper/dm-integrity.txt | 137
drivers/md/Kconfig | 13 +
drivers/m
signature format.
BR,
Dmitry
Dmitry Kasatkin (1):
ima: digital signature verification using asymmetric keys
security/integrity/Kconfig | 12 +
security/integrity/digsig.c | 103 ++-
2 files changed, 114 insertions(+), 1 deletion(-)
--
1.7.10.4
signature format.
BR,
Dmitry
Dmitry Kasatkin (1):
ima: digital signature verification using asymmetric keys
security/integrity/Kconfig | 12 +
security/integrity/digsig.c | 103 ++-
2 files changed, 114 insertions(+), 1 deletion(-)
--
1.7.10.4
addressed all comments I got so far. Can it be now added to the DM tree?
- Dmitry
Dmitry Kasatkin (1):
dm-integrity: integrity protection device-mapper target
Documentation/device-mapper/dm-integrity.txt | 137
drivers/md/Kconfig | 13 +
drivers/md/Makefile
, binds integrity data to the
device. As a result data blocks and corresponding HMACs cannot simply be
copied over from other file systems.
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@intel.com
---
Documentation/device-mapper/dm-integrity.txt | 137
drivers/md/Kconfig
e specific, binds integrity data to the
device. As a result data blocks and corresponding HMACs cannot simply be
copied over from other file systems.
Signed-off-by: Dmitry Kasatkin
---
Documentation/device-mapper/dm-integrity.txt | 137
drivers/md/Kconfig | 13 +
added sync mode flag to handle reboot notifications
- added discards handling
- use DM functions for printing kernel messages
- Dmitry
Dmitry Kasatkin (1):
dm-integrity: integrity protection device-mapper target
Documentation/device-mapper/dm-integrity.txt | 137
drivers/
mode flag to handle reboot notifications
- added discards handling
- use DM functions for printing kernel messages
- Dmitry
Dmitry Kasatkin (1):
dm-integrity: integrity protection device-mapper target
Documentation/device-mapper/dm-integrity.txt | 137
drivers/md/Kconfig
, binds integrity data to the
device. As a result data blocks and corresponding HMACs cannot simply be
copied over from other file systems.
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@intel.com
---
Documentation/device-mapper/dm-integrity.txt | 137
drivers/md/Kconfig
will not be measured
and appraised and test this flag during subsequent calls to skip policy search.
Signed-off-by: Dmitry Kasatkin
---
include/linux/fs.h |4
1 file changed, 4 insertions(+)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index b33cfc9..0bef2b2 100644
--- a/include
such approach?
Thanks,
Dmitry
Dmitry Kasatkin (2):
vfs: new super block feature flags attribute
ima: skip policy search for never appraised or measured files
include/linux/fs.h |4
security/integrity/ima/ima_api.c|8 ++--
security/integrity/ima/ima_policy.c | 20
will not be measured
and appraised and test this flag during subsequent calls to skip policy search.
Signed-off-by: Dmitry Kasatkin
---
include/linux/fs.h |4
1 file changed, 4 insertions(+)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index b33cfc9..0bef2b2 100644
--- a/include
will not be measured
and appraised and test this flag during subsequent calls to skip policy search.
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@intel.com
---
include/linux/fs.h |4
1 file changed, 4 insertions(+)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index b33cfc9..0bef2b2
such approach?
Thanks,
Dmitry
Dmitry Kasatkin (2):
vfs: new super block feature flags attribute
ima: skip policy search for never appraised or measured files
include/linux/fs.h |4
security/integrity/ima/ima_api.c|8 ++--
security/integrity/ima/ima_policy.c | 20
will not be measured
and appraised and test this flag during subsequent calls to skip policy search.
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@intel.com
---
include/linux/fs.h |4
1 file changed, 4 insertions(+)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index b33cfc9..0bef2b2
e specific, binds integrity data to the
device. As a result data blocks and corresponding HMACs cannot simply be
copied over from other file systems.
Signed-off-by: Dmitry Kasatkin
---
Documentation/device-mapper/dm-integrity.txt | 125
drivers/md/Kconfig | 12 +
-integrity provides a lighter weight read-write block level integrity
protection for file systems not requiring full disk encryption, but
which do require writability.
- Dmitry
Dmitry Kasatkin (1):
dm-integrity: integrity protection device-mapper target
Documentation/device-mapper/dm-integrity.
a lighter weight read-write block level integrity
protection for file systems not requiring full disk encryption, but
which do require writability.
- Dmitry
Dmitry Kasatkin (1):
dm-integrity: integrity protection device-mapper target
Documentation/device-mapper/dm-integrity.txt | 125
, binds integrity data to the
device. As a result data blocks and corresponding HMACs cannot simply be
copied over from other file systems.
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@intel.com
---
Documentation/device-mapper/dm-integrity.txt | 125
drivers/md/Kconfig
701 - 735 of 735 matches
Mail list logo