1. 22 6月, 2017 13 次提交
  2. 05 4月, 2017 1 次提交
    • M
      KEYS: Use structure to capture key restriction function and data · 2b6aa412
      Mat Martineau 提交于
      Replace struct key's restrict_link function pointer with a pointer to
      the new struct key_restriction. The structure contains pointers to the
      restriction function as well as relevant data for evaluating the
      restriction.
      
      The garbage collector checks restrict_link->keytype when key types are
      unregistered. Restrictions involving a removed key type are converted
      to use restrict_link_reject so that restrictions cannot be removed by
      unregistering key types.
      Signed-off-by: NMat Martineau <mathew.j.martineau@linux.intel.com>
      2b6aa412
  3. 13 3月, 2017 1 次提交
    • M
      ima: provide ">" and "<" operators for fowner/uid/euid rules. · 3dd0c8d0
      Mikhail Kurinnoi 提交于
      For now we have only "=" operator for fowner/uid/euid rules. This
      patch provide two more operators - ">" and "<" in order to make
      fowner/uid/euid rules more flexible.
      
      Examples of usage.
      
       Appraise all files owned by special and system users (SYS_UID_MAX 999):
          appraise fowner<1000
       Don't appraise files owned by normal users (UID_MIN 1000):
          dont_appraise fowner>999
       Appraise all files owned by users with UID 1000-1010:
          dont_appraise fowner>1010
          appraise fowner>999
      
      Changelog v3:
      - Removed code duplication in ima_parse_rule().
      - Fix ima_policy_show() - (Mimi)
      
      Changelog v2:
      - Fixed default policy rules.
      Signed-off-by: NMikhail Kurinnoi <viewizard@viewizard.com>
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      
       security/integrity/ima/ima_policy.c | 115 +++++++++++++++++++++++++++---------
       1 file changed, 87 insertions(+), 28 deletions(-)
      3dd0c8d0
  4. 07 3月, 2017 2 次提交
  5. 28 1月, 2017 2 次提交
  6. 21 12月, 2016 8 次提交
  7. 14 11月, 2016 4 次提交
  8. 08 10月, 2016 1 次提交
  9. 16 9月, 2016 1 次提交
  10. 30 6月, 2016 7 次提交