Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem fixes from James Morris: "From Mimi: Both of these patches are bug fixes for patches, which were upstreamed in this open window. The first patch addresses a merge issue. The second patch addresses a CONFIG_BLOCK dependency." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: block: fix part_pack_uuid() build error ima: "remove enforce checking duplication" merge fix
This commit is contained in:
commit
f6d43b93bd
@ -231,6 +231,12 @@ static inline void part_pack_uuid(const u8 *uuid_str, u8 *to)
|
||||
}
|
||||
}
|
||||
|
||||
static inline int blk_part_pack_uuid(const u8 *uuid_str, u8 *to)
|
||||
{
|
||||
part_pack_uuid(uuid_str, to);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int disk_max_parts(struct gendisk *disk)
|
||||
{
|
||||
if (disk->flags & GENHD_FL_EXT_DEVT)
|
||||
@ -718,6 +724,10 @@ static inline dev_t blk_lookup_devt(const char *name, int partno)
|
||||
return devt;
|
||||
}
|
||||
|
||||
static inline int blk_part_pack_uuid(const u8 *uuid_str, u8 *to)
|
||||
{
|
||||
return -EINVAL;
|
||||
}
|
||||
#endif /* CONFIG_BLOCK */
|
||||
|
||||
#endif /* _LINUX_GENHD_H */
|
||||
|
@ -284,7 +284,8 @@ int ima_module_check(struct file *file)
|
||||
{
|
||||
if (!file) {
|
||||
#ifndef CONFIG_MODULE_SIG_FORCE
|
||||
if (ima_appraise & IMA_APPRAISE_MODULES)
|
||||
if ((ima_appraise & IMA_APPRAISE_MODULES) &&
|
||||
(ima_appraise & IMA_APPRAISE_ENFORCE))
|
||||
return -EACCES; /* INTEGRITY_UNKNOWN */
|
||||
#endif
|
||||
return 0; /* We rely on module signature checking */
|
||||
|
@ -176,7 +176,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
|
||||
&& rule->fsmagic != inode->i_sb->s_magic)
|
||||
return false;
|
||||
if ((rule->flags & IMA_FSUUID) &&
|
||||
memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
|
||||
memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
|
||||
return false;
|
||||
if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid))
|
||||
return false;
|
||||
@ -530,14 +530,15 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
|
||||
ima_log_string(ab, "fsuuid", args[0].from);
|
||||
|
||||
if (memchr_inv(entry->fsuuid, 0x00,
|
||||
sizeof(entry->fsuuid))) {
|
||||
sizeof(entry->fsuuid))) {
|
||||
result = -EINVAL;
|
||||
break;
|
||||
}
|
||||
|
||||
part_pack_uuid(args[0].from, entry->fsuuid);
|
||||
entry->flags |= IMA_FSUUID;
|
||||
result = 0;
|
||||
result = blk_part_pack_uuid(args[0].from,
|
||||
entry->fsuuid);
|
||||
if (!result)
|
||||
entry->flags |= IMA_FSUUID;
|
||||
break;
|
||||
case Opt_uid:
|
||||
ima_log_string(ab, "uid", args[0].from);
|
||||
|
Loading…
x
Reference in New Issue
Block a user