evm: permit only valid security.evm xattrs to be updated
author Mimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 12 May 2011 22:33:20 +0000 (18:33 -0400)
committer Mimi Zohar <zohar@linux.vnet.ibm.com>
Mon, 18 Jul 2011 16:29:49 +0000 (12:29 -0400)
commit 7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac
tree 1de4ac95b25e6bebab103e4377047c8f76038dac
parent 24e0198efe0df50034ec1c14b2d7b5bb0f66d54a
evm: permit only valid security.evm xattrs to be updated

In addition to requiring CAP_SYS_ADMIN permission to modify/delete
security.evm, prohibit invalid security.evm xattrs from changing,
unless in fixmode. This patch prevents inadvertent 'fixing' of
security.evm to reflect offline modifications.

Changelog v7:
- rename boot parameter 'evm_mode' to 'evm'

Reported-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Documentation/kernel-parameters.txt
security/integrity/evm/evm_main.c