mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-04-20 11:29:37 +00:00
Code Issues Projects Releases Wiki Activity
1,347 Commits 38 Branches 0 Tags
5dff4e47af3996ea4c4fbbaaae1c9358cce67d1d
Commit Graph

11 Commits

Author SHA1 Message Date
Stefan Berger
5dff4e47af ima: Drop kernel config option CONFIG_SQUASHFS_XATTR=y from ima.cfg 
Drop the kernel config option CONFIG_SQUASHFS_XATTR=y from ima.cfg.
Instead, require projects that use squashfs to set this option.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-05-13 06:06:29 -04:00
Stefan Berger
25dc18d696 linux: overlayfs: Drop kernel patch resolving a file change notification issue 
Revert the patch resolving a file change notitfication issue (for IMA
appraisal) since this patch fails in 'many downstream kernels'.

- https://lists.yoctoproject.org/g/yocto/message/59928
- https://lists.yoctoproject.org/g/yocto/message/59929

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-05-13 06:06:29 -04:00
Stefan Berger
319522e00d linux: overlayfs: Add kernel patch resolving a file change notification issue 
Add a temporary patch that resolves a file change notification issue
with overlayfs where IMA did not become aware of the file changes
since the 'lower' inode's i_version had not changed. The issue will be
resolved in later kernels with the following patch that builds on
newly addd feature (support for STATX_CHANGE_COOKIE) in v6.3-rc1:

https://lore.kernel.org/linux-integrity/20230418-engste-gastwirtschaft-601fb389bba5@brauner/T/#m3bf84296fe9e6499abb6e3191693948add2ff459

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-05-06 07:54:09 -04:00
Stefan Berger
f4f7624d2e ima: Fix the IMA kernel feature 
Fix the IMA kernel feature. Remove outdated patches and add ima.cfg holding
kernel configuration options for IMA and EVM.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-05-06 07:54:09 -04:00
Armin Kuster
b8554aae23 meta-integrity: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster
48c7b34ec3 meta-integrity/recipe-kernel: use sanity check 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-06 13:03:37 -07:00
Armin Kuster
0a32d622c8 meta-integrity: remove kernel fragments now in cache 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-15 20:10:33 -07:00
Dmitry Eremin-Solenikov
eebe0ff18a linux: add support for kernel modules signing 
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
 2019-08-07 07:09:50 -07:00
Armin Kuster
e7771ce287 linux: update bbappend 
remove untested code

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
f26869aef3 ima.cfg: update to 5.0 kernel 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
6680225c05 meta-integrity: port over from meta-intel-iot-security 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:41 -07:00