• Matthew Garrett's avatar
    EVM: Allow userland to permit modification of EVM-protected metadata · ae1ba167
    Matthew Garrett authored
    When EVM is enabled it forbids modification of metadata protected by
    EVM unless there is already a valid EVM signature. If any modification
    is made, the kernel will then generate a new EVM HMAC. However, this
    does not map well on use cases which use only asymmetric EVM signatures,
    as in this scenario the kernel is unable to generate new signatures.
    
    This patch extends the /sys/kernel/security/evm interface to allow
    userland to request that modification of these xattrs be permitted. This
    is only permitted if no keys have already been loaded. In this
    configuration, modifying the metadata will invalidate the EVM appraisal
    on the file in question. This allows packaging systems to write out new
    files, set the relevant extended attributes and then move them into
    place.
    
    There's also some refactoring of the use of evm_initialized in order to
    avoid heading down codepaths that assume there's a key available.
    Signed-off-by: default avatarMatthew Garrett <mjg59@google.com>
    Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
    ae1ba167
evm_main.c 15.1 KB