Eric W. Biederman 19339c2516 Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC" ... This reverts commit 0b3c9761d1. Seth Forshee <seth.forshee@canonical.com> writes: > All right, I think 0b3c9761d1 should be > reverted then. EVM is a machine-local integrity mechanism, and so it > makes sense that the signature would be based on the kernel's notion of > the uid and not the filesystem's. I added a commment explaining why the EVM hmac needs to be in the kernel's notion of uid and gid, not the filesystems to prevent remounting the filesystem and gaining unwaranted trust in files. Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>		2016-12-02 20:58:41 -06:00
..
evm	Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC"	2016-12-02 20:58:41 -06:00
ima	Merge branch 'work.xattr' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2016-10-10 17:11:50 -07:00
digsig.c	IMA: Use the the system trusted keyrings instead of .ima_mok	2016-04-11 22:49:15 +01:00
digsig_asymmetric.c	X.509: Make algo identifiers text instead of enum	2016-03-03 21:49:27 +00:00
iint.c	integrity: add measured_pcrs field to integrity cache	2016-06-30 01:14:19 -04:00
integrity.h	integrity: add measured_pcrs field to integrity cache	2016-06-30 01:14:19 -04:00
integrity_audit.c	Merge git://git.infradead.org/users/eparis/audit	2014-04-12 12:38:53 -07:00
Kconfig	security: integrity: Remove select to deleted option PUBLIC_KEY_ALGO_RSA	2016-04-12 19:54:58 +01:00
Makefile	integrity: make integrity files as 'integrity' module	2014-09-09 10:28:58 -04:00