github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-12 16:18:45 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
82bbd44719
linux/security
History
Stefan Berger 82bbd44719 evm: Enforce signatures version 3 with new EVM policy 'bit 3' 
Enable the configuration of EVM so that it requires that asymmetric
signatures it accepts are of version 3 (sigv3). To enable this, introduce
bit 3 (value 0x0008) that the user may write to EVM's securityfs policy
configuration file 'evm' for sigv3 enforcement.

Mention bit 3 in the documentation.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2026-04-01 10:16:53 -04:00
..
apparmor Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
bpf lsm: replace the name field with a pointer to the lsm_id struct 2025-10-22 19:24:18 -04:00
integrity evm: Enforce signatures version 3 with new EVM policy 'bit 3' 2026-04-01 10:16:53 -04:00
ipe Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
keys Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
landlock Convert 'alloc_flex' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
loadpin Convert 'alloc_flex' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
lockdown lockdown: move initcalls to the LSM framework 2025-10-22 19:24:27 -04:00
safesetid Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
selinux Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
smack Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
tomoyo treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
yama Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
commoncap_test.c security: Add KUnit tests for kuid_root_in_ns and vfsuid_root_in_currentns 2026-01-09 11:28:28 -06:00
commoncap.c security: Add KUnit tests for kuid_root_in_ns and vfsuid_root_in_currentns 2026-01-09 11:28:28 -06:00
device_cgroup.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
inode.c Some filesystems use a kinda-sorta controlled dentry refcount leak to pin 2025-12-05 14:36:21 -08:00
Kconfig security: Add KUnit tests for kuid_root_in_ns and vfsuid_root_in_currentns 2026-01-09 11:28:28 -06:00
Kconfig.hardening rust: add bitmap API. 2025-09-22 15:52:44 -04:00
lsm_audit.c net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
lsm_init.c lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY 2026-01-29 13:56:53 -05:00
lsm_notifier.c lsm: split the notifier code out into lsm_notifier.c 2025-10-22 19:24:15 -04:00
lsm_syscalls.c lsm: rework lsm_active_cnt and lsm_idlist[] 2025-10-22 19:24:19 -04:00
lsm.h lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY 2026-01-29 13:56:53 -05:00
Makefile lsm: split the init code out into lsm_init.c 2025-10-22 19:24:16 -04:00
min_addr.c lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY 2026-01-29 13:56:53 -05:00
security.c lsm: make keys for static branch static 2026-01-06 20:57:55 -05:00