1. 22 5月, 2009 2 次提交
    • E
      IMA: Add __init notation to ima functions · 932995f0
      Eric Paris 提交于
      A number of IMA functions only used during init are not marked with __init.
      Add those notations so they are freed automatically.
      Signed-off-by: NEric Paris <eparis@redhat.com>
      Acked-by: NMimi Zohar <zohar@us.ibm.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      932995f0
    • E
      IMA: Minimal IMA policy and boot param for TCB IMA policy · 5789ba3b
      Eric Paris 提交于
      The IMA TCB policy is dangerous.  A normal use can use all of a system's
      memory (which cannot be freed) simply by building and running lots of
      executables.  The TCB policy is also nearly useless because logging in as root
      often causes a policy violation when dealing with utmp, thus rendering the
      measurements meaningless.
      
      There is no good fix for this in the kernel.  A full TCB policy would need to
      be loaded in userspace using LSM rule matching to get both a protected and
      useful system.  But, if too little is measured before userspace can load a real
      policy one again ends up with a meaningless set of measurements.  One option
      would be to put the policy load inside the initrd in order to get it early
      enough in the boot sequence to be useful, but this runs into trouble with the
      LSM.  For IMA to measure the LSM policy and the LSM policy loading mechanism
      it needs rules to do so, but we already talked about problems with defaulting
      to such broad rules....
      
      IMA also depends on the files being measured to be on an FS which implements
      and supports i_version.  Since the only FS with this support (ext4) doesn't
      even use it by default it seems silly to have any IMA rules by default.
      
      This should reduce the performance overhead of IMA to near 0 while still
      letting users who choose to configure their machine as such to inclue the
      ima_tcb kernel paramenter and get measurements during boot before they can
      load a customized, reasonable policy in userspace.
      Signed-off-by: NEric Paris <eparis@redhat.com>
      Acked-by: NMimi Zohar <zohar@us.ibm.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      5789ba3b
  2. 19 5月, 2009 1 次提交
  3. 15 5月, 2009 2 次提交
  4. 12 5月, 2009 3 次提交
  5. 06 5月, 2009 3 次提交
  6. 23 2月, 2009 1 次提交
  7. 20 2月, 2009 1 次提交
    • M
      integrity: ima scatterlist bug fix · 0da0a420
      Mimi Zohar 提交于
      Based on Alexander Beregalov's post http://lkml.org/lkml/2009/2/19/198
      
      - replaced sg_set_buf() with sg_init_one()
      
       kernel BUG at include/linux/scatterlist.h:65!
       invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
       last sysfs file:
       CPU 2
       Modules linked in:
       Pid: 1, comm: swapper Not tainted 2.6.29-rc5-next-20090219 #5 PowerEdge 1950
       RIP: 0010:[<ffffffff8045ec70>]  [<ffffffff8045ec70>] ima_calc_hash+0xc0/0x160
       RSP: 0018:ffff88007f46bc40  EFLAGS: 00010286
       RAX: ffffe200032c45e8 RBX: 00000000fffffff4 RCX: 0000000087654321
       RDX: 0000000000000002 RSI: 0000000000000001 RDI: ffff88007cf71048
       RBP: ffff88007f46bcd0 R08: 0000000000000000 R09: 0000000000000163
       R10: ffff88007f4707a8 R11: 0000000000000000 R12: ffff88007cf71048
       R13: 0000000000001000 R14: 0000000000000000 R15: 0000000000009d98
       FS:  0000000000000000(0000) GS:ffff8800051ac000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
       CR2: 0000000000000000 CR3: 0000000000201000 CR4: 00000000000006e0
       DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
       DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
      Tested-by: NAlexander Beregalov <a.beregalov@gmail.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      0da0a420
  8. 13 2月, 2009 1 次提交
    • R
      ima: fix build error · b53fab9d
      Randy Dunlap 提交于
      IMA_LSM_RULES requires AUDIT.  This is automatic if SECURITY_SELINUX=y
      but not when SECURITY_SMACK=y (and SECURITY_SELINUX=n), so make the
      dependency explicit.  This fixes the following build error:
      
      security/integrity/ima/ima_policy.c:111:error: implicit declaration of function 'security_audit_rule_match'
      security/integrity/ima/ima_policy.c:230:error: implicit declaration of function 'security_audit_rule_init'
      Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
      Acked-by: NMimi Zohar <zohar@us.ibm.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      b53fab9d
  9. 12 2月, 2009 1 次提交
  10. 06 2月, 2009 6 次提交