ima: limit the number of ToMToU integrity violations - kernel/linux.git

diff options

author	Mimi Zohar <zohar@linux.ibm.com>	2025-01-27 18:45:48 +0300
committer	Mimi Zohar <zohar@linux.ibm.com>	2025-03-27 19:40:12 +0300
commit	a414016218ca97140171aa3bb926b02e1f68c2cc (patch)
tree	a04429b21fb96d9eed41200ccb31eb16b03ad847 /lib/crypto/mpi/mpi-mod.c
parent	5b3cd801155f0b34b0b95942a5b057c9b8cad33e (diff)
download	linux-a414016218ca97140171aa3bb926b02e1f68c2cc.tar.xz

ima: limit the number of ToMToU integrity violations

Each time a file in policy, that is already opened for read, is opened for write, a Time-of-Measure-Time-of-Use (ToMToU) integrity violation audit message is emitted and a violation record is added to the IMA measurement list. This occurs even if a ToMToU violation has already been recorded. Limit the number of ToMToU integrity violations per file open for read. Note: The IMA_MAY_EMIT_TOMTOU atomic flag must be set from the reader side based on policy. This may result in a per file open for read ToMToU violation. Since IMA_MUST_MEASURE is only used for violations, rename the atomic IMA_MUST_MEASURE flag to IMA_MAY_EMIT_TOMTOU. Cc: stable@vger.kernel.org # applies cleanly up to linux-6.6 Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Tested-by: Petr Vorel <pvorel@suse.cz> Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

Diffstat (limited to 'lib/crypto/mpi/mpi-mod.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: