| commit | 7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac | [log] [tgz] |
|---|---|---|
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | Thu May 12 18:33:20 2011 -0400 |
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | Mon Jul 18 12:29:49 2011 -0400 |
| tree | 1de4ac95b25e6bebab103e4377047c8f76038dac | |
| parent | 24e0198efe0df50034ec1c14b2d7b5bb0f66d54a [diff] |
evm: permit only valid security.evm xattrs to be updated In addition to requiring CAP_SYS_ADMIN permission to modify/delete security.evm, prohibit invalid security.evm xattrs from changing, unless in fixmode. This patch prevents inadvertent 'fixing' of security.evm to reflect offline modifications. Changelog v7: - rename boot paramater 'evm_mode' to 'evm' Reported-by: Roberto Sassu <roberto.sassu@polito.it> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>