• Matthew Garrett's avatar
    EVM: Allow runtime modification of the set of verified xattrs · fa516b66
    Matthew Garrett authored
    Sites may wish to provide additional metadata alongside files in order
    to make more fine-grained security decisions[1]. The security of this is
    enhanced if this metadata is protected, something that EVM makes
    possible. However, the kernel cannot know about the set of extended
    attributes that local admins may wish to protect, and hardcoding this
    policy in the kernel makes it difficult to change over time and less
    convenient for distributions to enable.
    
    This patch adds a new /sys/kernel/security/integrity/evm/evm_xattrs node,
    which can be read to obtain the current set of EVM-protected extended
    attributes or written to in order to add new entries. Extending this list
    will not change the validity of any existing signatures provided that the
    file in question does not have any of the additional extended attributes -
    missing xattrs are skipped when calculating the EVM hash.
    
    [1] For instance, a package manager could install information about the
    package uploader in an additional extended attribute. Local LSM policy
    could then be associated with that extended attribute in order to
    restrict the privileges available to packages from less trusted
    uploaders.
    Signed-off-by: default avatarMatthew Garrett <mjg59@google.com>
    Reviewed-by: default avatarJames Morris <james.morris@microsoft.com>
    Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
    fa516b66
evm_secfs.c 7.03 KB