• Linus Torvalds's avatar
    Merge branch 'next-integrity' of... · b33e3cc5
    Linus Torvalds authored
    Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
    
    Pull security subsystem integrity updates from James Morris:
     "There is a mixture of bug fixes, code cleanup, preparatory code for
      new functionality and new functionality.
    
      Commit 26ddabfe ("evm: enable EVM when X509 certificate is
      loaded") enabled EVM without loading a symmetric key, but was limited
      to defining the x509 certificate pathname at build. Included in this
      set of patches is the ability of enabling EVM, without loading the EVM
      symmetric key, from userspace. New is the ability to prevent the
      loading of an EVM symmetric key."
    
    * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
      ima: Remove redundant conditional operator
      ima: Fix bool initialization/comparison
      ima: check signature enforcement against cmdline param instead of CONFIG
      module: export module signature enforcement status
      ima: fix hash algorithm initialization
      EVM: Only complain about a missing HMAC key once
      EVM: Allow userspace to signal an RSA key has been loaded
      EVM: Include security.apparmor in EVM measurements
      ima: call ima_file_free() prior to calling fasync
      integrity: use kernel_read_file_from_path() to read x509 certs
      ima: always measure and audit files in policy
      ima: don't remove the securityfs policy file
      vfs: fix mounting a filesystem with i_version
    b33e3cc5
module.c 111 KB