Date: Thu, 17 Mar 2022 11:58:24 -0400 From: Mimi Zohar <zohar@...ux.ibm.com> To: Eric Biggers <ebiggers@...nel.org> Cc: linux-integrity@...r.kernel.org, Stefan Berger <stefanb@...ux.ibm.com>, linux-fscrypt@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v5 5/8] ima: permit fsverity's file digests in the IMA measurement list > diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h > > index daf49894fd7d..39a999877013 100644 > > --- a/security/integrity/integrity.h > > +++ b/security/integrity/integrity.h > > @@ -32,7 +32,7 @@ > > #define IMA_HASHED 0x00000200 > > > > /* iint policy rule cache flags */ > > -#define IMA_NONACTION_FLAGS 0xff000000 > > +#define IMA_NONACTION_FLAGS 0xff800000 > > #define IMA_DIGSIG_REQUIRED 0x01000000 > > #define IMA_PERMIT_DIRECTIO 0x02000000 > > #define IMA_NEW_FILE 0x04000000 > > @@ -40,6 +40,8 @@ > > #define IMA_FAIL_UNVERIFIABLE_SIGS 0x10000000 > > #define IMA_MODSIG_ALLOWED 0x20000000 > > #define IMA_CHECK_BLACKLIST 0x40000000 > > +#define IMA_VERITY_REQUIRED 0x80000000 > > +#define IMA_VERITY_DIGEST 0x00800000 > > How about defining these flags in numerical order? Originally I increased the flags size, but I'd like to avoid as much patch churn as possible for the namespacing patch set. Mimi
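Review bot: in the second hunk, IMA_VERITY_DIGEST (0x00800000) lies outside the old 0xff000000 range, and only the first hunk's change of IMA_NONACTION_FLAGS to 0xff800000 brings it under the mask, yet neither hunk says so. A one-line comment on the mask noting that bit 23 is now included, together with moving IMA_VERITY_DIGEST ahead of IMA_DIGSIG_REQUIRED so the defines read in numerical order, would make that coupling visible. Since the quoted context shows only part of the header, it is also worth confirming against the full file that 0x00800000 is not already assigned to another iint flag.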