• L
    Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 67e2c388
    Linus Torvalds 提交于
    Pull security layer updates from James Morris:
     "In terms of changes, there's general maintenance to the Smack,
      SELinux, and integrity code.
    
      The IMA code adds a new kconfig option, IMA_APPRAISE_SIGNED_INIT,
      which allows IMA appraisal to require signatures.  Support for reading
      keys from rootfs before init is call is also added"
    
    * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (23 commits)
      selinux: Remove security_ops extern
      security: smack: fix out-of-bounds access in smk_parse_smack()
      VFS: refactor vfs_read()
      ima: require signature based appraisal
      integrity: provide a hook to load keys when rootfs is ready
      ima: load x509 certificate from the kernel
      integrity: provide a function to load x509 certificate from the kernel
      integrity: define a new function integrity_read_file()
      Security: smack: replace kzalloc with kmem_cache for inode_smack
      Smack: Lock mode for the floor and hat labels
      ima: added support for new kernel cmdline parameter ima_template_fmt
      ima: allocate field pointers array on demand in template_desc_init_fields()
      ima: don't allocate a copy of template_fmt in template_desc_init_fields()
      ima: display template format in meas. list if template name length is zero
      ima: added error messages to template-related functions
      ima: use atomic bit operations to protect policy update interface
      ima: ignore empty and with whitespaces policy lines
      ima: no need to allocate entry for comment
      ima: report policy load status
      ima: use path names cache
      ...
    67e2c388
evm_main.c 13.3 KB