summaryrefslogtreecommitdiff
path: root/security/security.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2024-01-09 13:24:06 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2024-01-09 13:24:06 -0800
commit6c1dd1fe5d8a1d43ed96e2e0ed44a88c73c5c039 (patch)
tree08cf4521df75e4b7699f1abeb695985ce6ee26d9 /security/security.c
parente9b4c5890858015bfe2089b7573319bcf4a92907 (diff)
parentc00f94b3a5be428837868c0f2cdaa3fa5b4b1995 (diff)
Merge tag 'integrity-v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity updates from Mimi Zohar: - Add a new IMA/EVM maintainer and reviewer - Disable EVM on overlayfs The EVM HMAC and the original file signatures contain filesystem specific metadata (e.g. i_ino, i_generation and s_uuid), preventing the security.evm xattr from directly being copied up to the overlay. Further before calculating and writing out the overlay file's EVM HMAC, EVM must first verify the existing backing file's 'security.evm' value. For now until a solution is developed, disable EVM on overlayfs. - One bug fix and two cleanups * tag 'integrity-v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: overlay: disable EVM evm: add support to disable EVM on unsupported filesystems evm: don't copy up 'security.evm' xattr MAINTAINERS: Add Eric Snowberg as a reviewer to IMA MAINTAINERS: Add Roberto Sassu as co-maintainer to IMA and EVM KEYS: encrypted: Add check for strsep ima: Remove EXPERIMENTAL from Kconfig ima: Reword IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/security.c b/security/security.c
index 8b55ef346a62..0144a98d3712 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2623,7 +2623,7 @@ int security_inode_copy_up_xattr(const char *name)
return rc;
}
- return LSM_RET_DEFAULT(inode_copy_up_xattr);
+ return evm_inode_copy_up_xattr(name);
}
EXPORT_SYMBOL(security_inode_copy_up_xattr);