mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-05-07 16:59:28 +00:00
Code Issues Projects Releases Wiki Activity
1,722 Commits 39 Branches 0 Tags
wrynose
Commit Graph

7 Commits

Author SHA1 Message Date
Armin Kuster d47553303c meta-integrity: drop ima.cfg in favor of new k-cache 
The upstream ima.cfg kernel-cache has been updated.
Use it instead.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-07-31 06:18:52 -04:00
Stefan Berger 504f402ac5 integrity: Fix the do_configure function 
Append ':append' to do_configure so it does not replace all existing
do_configure's.

Only run 'sed' when DISTRO_FEATURES contains 'ima' and the .config file
exists.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-05-13 06:06:29 -04:00
Stefan Berger 25dc18d696 linux: overlayfs: Drop kernel patch resolving a file change notification issue 
Revert the patch resolving a file change notitfication issue (for IMA
appraisal) since this patch fails in 'many downstream kernels'.

- https://lists.yoctoproject.org/g/yocto/message/59928
- https://lists.yoctoproject.org/g/yocto/message/59929

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-05-13 06:06:29 -04:00
Stefan Berger 319522e00d linux: overlayfs: Add kernel patch resolving a file change notification issue 
Add a temporary patch that resolves a file change notification issue
with overlayfs where IMA did not become aware of the file changes
since the 'lower' inode's i_version had not changed. The issue will be
resolved in later kernels with the following patch that builds on
newly addd feature (support for STATX_CHANGE_COOKIE) in v6.3-rc1:

https://lore.kernel.org/linux-integrity/20230418-engste-gastwirtschaft-601fb389bba5@brauner/T/#m3bf84296fe9e6499abb6e3191693948add2ff459

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-05-06 07:54:09 -04:00
Stefan Berger f4f7624d2e ima: Fix the IMA kernel feature 
Fix the IMA kernel feature. Remove outdated patches and add ima.cfg holding
kernel configuration options for IMA and EVM.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-05-06 07:54:09 -04:00
Armin Kuster b8554aae23 meta-integrity: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster 48c7b34ec3 meta-integrity/recipe-kernel: use sanity check 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-06 13:03:37 -07:00