diff options
| author | Dmitry Kasatkin | 2014-03-28 13:31:04 +0100 |
|---|---|---|
| committer | Mimi Zohar | 2014-06-12 23:58:06 +0200 |
| commit | d3b33679481d52ef02311119d4342a9a1f3d84db (patch) | |
| tree | 5e23d255b52239a4d478dc8b56e49871a4b732c4 /security/integrity/evm/evm.h | |
| parent | ima: prevent new digsig xattr from being replaced (diff) | |
| download | kernel-qcow2-linux-d3b33679481d52ef02311119d4342a9a1f3d84db.tar.gz kernel-qcow2-linux-d3b33679481d52ef02311119d4342a9a1f3d84db.tar.xz kernel-qcow2-linux-d3b33679481d52ef02311119d4342a9a1f3d84db.zip | |
evm: replace HMAC version with attribute mask
Using HMAC version limits the posibility to arbitrarily add new
attributes such as SMACK64EXEC to the hmac calculation.
This patch replaces hmac version with attribute mask.
Desired attributes can be enabled with configuration parameter.
It allows to build kernels which works with previously labeled
filesystems.
Currently supported attribute is 'fsuuid' which is equivalent of
the former version 2.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/evm/evm.h')
| -rw-r--r-- | security/integrity/evm/evm.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/security/integrity/evm/evm.h b/security/integrity/evm/evm.h index 37c88ddb3cfe..88bfe77efa1c 100644 --- a/security/integrity/evm/evm.h +++ b/security/integrity/evm/evm.h @@ -24,7 +24,10 @@ extern int evm_initialized; extern char *evm_hmac; extern char *evm_hash; -extern int evm_hmac_version; + +#define EVM_ATTR_FSUUID 0x0001 + +extern int evm_hmac_attrs; extern struct crypto_shash *hmac_tfm; extern struct crypto_shash *hash_tfm; |