28 Jul
2020
28 Jul
'20
3:58 p.m.
On 2020/7/28 15:40, Roberto Sassu wrote:
hulk inclusion category: feature feature: digest-lists
---------------------------
A fake IMA xattr is created to perform EVM verification even if security.ima is not present. Appraisal could succeed if EVM status is unknown and the file digest is found in a digest list.
This patch allocates a larger buffer to store fake IMA xattrs (struct evm_ima_xattr_data can be used only for SHA1 digests).
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Hi Roberto, would you mind adding a cover letter to describe why we need this patch set? and what's the relationship with your previous IMA patch set? Thanks Hanjun