diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2025-12-03 11:08:03 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2025-12-03 11:08:03 -0800 |
| commit | 777f8171602d5954cac024b66afa1b5b030641a4 (patch) | |
| tree | 85a8cc4e5a4bea33c1f6ce7713d8fddc399c1aa4 /scripts/livepatch/init.c | |
| parent | 204a920f284e7264aa6dcd5876cbb1e03a7e4ebc (diff) | |
| parent | 738c9738e690f5cea24a3ad6fd2d9a323cf614f6 (diff) | |
Merge tag 'integrity-v6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity updates from Mimi Zohar:
"Bug fixes:
- defer credentials checking from the bprm_check_security hook to the
bprm_creds_from_file security hook
- properly ignore IMA policy rules based on undefined SELinux labels
IMA policy rule extensions:
- extend IMA to limit including file hashes in the audit logs
(dont_audit action)
- define a new filesystem subtype policy option (fs_subtype)
Misc:
- extend IMA to support in-kernel module decompression by deferring
the IMA signature verification in kernel_read_file() to after the
kernel module is decompressed"
* tag 'integrity-v6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
ima: Handle error code returned by ima_filter_rule_match()
ima: Access decompressed kernel module to verify appended signature
ima: add fs_subtype condition for distinguishing FUSE instances
ima: add dont_audit action to suppress audit actions
ima: Attach CREDS_CHECK IMA hook to bprm_creds_from_file LSM hook
Diffstat (limited to 'scripts/livepatch/init.c')
0 files changed, 0 insertions, 0 deletions