author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-07 13:13:35 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-07 13:13:35 +0000 |
commit | f80f1c6274f537f89d9e809541b10a96c435a8a9 (patch) | |
tree | 813e19375c7badb0388bcc54e8afce818114fe5f /security | |
parent | Adding debian version 6.9.7-1. (diff) | |
Merging upstream version 6.9.8.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/evm/evm_main.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 81dbade5b9..518b3090cd 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -192,7 +192,11 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
 iint->evm_status == INTEGRITY_PASS_IMMUTABLE))
 return iint->evm_status;
 
- if (is_unsupported_fs(dentry))
+ /*
+ * On unsupported filesystems without EVM_INIT_X509 enabled, skip
+ * signature verification.
+ */
+ if (!(evm_initialized & EVM_INIT_X509) && is_unsupported_fs(dentry))
 return INTEGRITY_UNKNOWN;
 
 /* if status is not PASS, try to check again - against -ENOMEM */
@@ -260,7 +264,8 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
 evm_status = INTEGRITY_PASS_IMMUTABLE;
 } else if (!IS_RDONLY(inode) &&
 !(inode->i_sb->s_readonly_remount) &&
- !IS_IMMUTABLE(inode)) {
+ !IS_IMMUTABLE(inode) &&
+ !is_unsupported_fs(dentry)) {
 evm_update_evmxattr(dentry, xattr_name,
 xattr_value,
 xattr_value_len);
@@ -418,9 +423,6 @@ enum integrity_status evm_verifyxattr(struct dentry *dentry,
 if (!evm_key_loaded() || !evm_protected_xattr(xattr_name))
 return INTEGRITY_UNKNOWN;
 
- if (is_unsupported_fs(dentry))
- return INTEGRITY_UNKNOWN;
-
 return evm_verify_hmac(dentry, xattr_name, xattr_value,
 xattr_value_len);
 }
|
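Review bot: With EVM_INIT_X509 set, the rewritten guard in the first hunk no longer returns early on an unsupported filesystem, so every security.evm type, not only signatures, now continues into the verification code that follows. The HMAC handling is outside this hunk; if it still computes and compares an HMAC there, an HMAC-type xattr on such a filesystem would presumably be reported as a failure instead of INTEGRITY_UNKNOWN, which should be confirmed as the intended result. The new comment is also narrower than the code, since the early return skips all EVM verification rather than just signatures; consider `* On unsupported filesystems without EVM_INIT_X509 enabled, skip all EVM verification and return INTEGRITY_UNKNOWN.`. evm_verify_hmac() starts and ends outside the hunk.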
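Review bot: The `!is_unsupported_fs(dentry)` term added to the `else if` in the second hunk has no comment, and it differs in kind from its neighbours: the other three terms ask whether the inode can be written, while this one asks whether the filesystem should receive what evm_update_evmxattr() writes. As I read it, that call replaces a verified signature with an HMAC, so a line above the branch such as `/* never rewrite a verified signature as an HMAC on a filesystem where HMAC is unsupported */` would record why the update is suppressed. It would also help to note that such files are therefore re-verified by signature each time their status is not cached. The surrounding if/else chain begins and ends outside the hunk.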