Mimi Zohar 904f9c1465 ima: detect changes to the backing overlay file ... [ Upstream commit b836c4d29f2744200b2af41e14bf50758dddc818 ] Commit 18b44bc5a672 ("ovl: Always reevaluate the file signature for IMA") forced signature re-evaulation on every file access. Instead of always re-evaluating the file's integrity, detect a change to the backing file, by comparing the cached file metadata with the backing file's metadata. Verifying just the i_version has not changed is insufficient. In addition save and compare the i_ino and s_dev as well. Reviewed-by: Amir Goldstein <amir73il@gmail.com> Tested-by: Eric Snowberg <eric.snowberg@oracle.com> Tested-by: Raul E Rangel <rrangel@chromium.org> Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org>		2023-12-08 08:43:26 +01:00
..
evm	evm: Complete description of evm_inode_setattr()	2023-08-11 11:45:03 +02:00
ima	ima: detect changes to the backing overlay file	2023-12-08 08:43:26 +01:00
digsig.c	integrity/security: fix digsig.c build error with header file	2018-02-22 20:09:08 -08:00
digsig_asymmetric.c	integrity: prevent deadlock during digsig verification.	2018-07-18 07:27:22 -04:00
iint.c	ima: annotate iint mutex to avoid lockdep false positive warnings	2023-12-08 08:43:26 +01:00
integrity.h	ima: detect changes to the backing overlay file	2023-12-08 08:43:26 +01:00
integrity_audit.c	integrity: check the return value of audit_log_start()	2022-02-16 12:51:43 +01:00
Kconfig	security: integrity: Remove select to deleted option PUBLIC_KEY_ALGO_RSA	2016-04-12 19:54:58 +01:00
Makefile	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00