List: linux-integrity
Subject: [PATCH 0/2] evm: disable EVM on overlayfs
From: Mimi Zohar <zohar () linux ! ibm ! com>
Date: 2023-12-19 13:48:59
Message-ID: 20231219134901.96300-1-zohar () linux ! ibm ! com
EVM verifies the existing 'security.evm' value, before allowing it
to be updated. The EVM HMAC and the original file signatures contain
filesystem specific metadata (e.g. i_ino, i_generation and s_uuid).
This poses a challenge when transitioning from the lower backing file
to the upper backing file.

Until a complete solution is developed, disable EVM on overlayfs.

Mimi Zohar (2):
  evm: don't copy up 'security.evm' xattr
  evm: add support to disable EVM on unsupported filesystems

 include/linux/evm.h               |  6 +++++
 security/integrity/evm/evm_main.c | 42 ++++++++++++++++++++++++++++++-
 security/security.c               |  4 +++
 3 files changed, 51 insertions(+), 1 deletion(-)
--
2.39.3
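
A simplified user-space model of the copy-up problem described in the message above, added here as an illustration; it is not part of the original post and is not the kernel's code. The key, the xattr value, the inode numbers and UUIDs are constructed, and the HMAC-SHA1 layout is an assumption of the model that covers only the three fields the message names.

```python
import hashlib
import hmac
import uuid

# Constructed key for the model; not a real EVM key.
KEY = b"constructed-evm-key"

def evm_hmac_model(xattrs, i_ino, i_generation, s_uuid):
    """HMAC-SHA1 over protected xattr values plus the filesystem-specific
    fields named in the message. Layout is illustrative, not the kernel's."""
    mac = hmac.new(KEY, digestmod=hashlib.sha1)
    for name in sorted(xattrs):
        mac.update(xattrs[name])
    mac.update(i_ino.to_bytes(8, "little"))
    mac.update(i_generation.to_bytes(4, "little"))
    mac.update(s_uuid.bytes)
    return mac.digest()

def verify(security_evm, xattrs, inode):
    """True if the stored value matches the HMAC recomputed for this inode."""
    return hmac.compare_digest(security_evm, evm_hmac_model(xattrs, **inode))

# Constructed sample data: one protected xattr and two backing inodes.
XATTRS = {"security.ima": b"\x04\x04" + hashlib.sha256(b"file data").digest()}
LOWER = dict(i_ino=1201, i_generation=7, s_uuid=uuid.UUID(int=0x1111))
UPPER = dict(i_ino=88, i_generation=3, s_uuid=uuid.UUID(int=0x2222))

def copy_up_result():
    """Carry the lower file's security.evm to the upper inode unchanged."""
    security_evm = evm_hmac_model(XATTRS, **LOWER)
    return verify(security_evm, XATTRS, LOWER), verify(security_evm, XATTRS, UPPER)

def fields_that_break_verification():
    """Change one field at a time to see which ones invalidate the HMAC."""
    security_evm = evm_hmac_model(XATTRS, **LOWER)
    return [field for field in LOWER
            if not verify(security_evm, XATTRS, dict(LOWER, **{field: UPPER[field]}))]

if __name__ == "__main__":
    print(copy_up_result())
    print(fields_that_break_verification())
```

In the model, the value computed for the lower inode verifies there but not on the upper inode, even though the protected xattrs are byte-for-byte identical, and changing any one of the three fields alone is enough to invalidate it.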