Mimi Zohar 0327683c55 ima: limit the number of ToMToU integrity violations ... commit a414016218ca97140171aa3bb926b02e1f68c2cc upstream. Each time a file in policy, that is already opened for read, is opened for write, a Time-of-Measure-Time-of-Use (ToMToU) integrity violation audit message is emitted and a violation record is added to the IMA measurement list. This occurs even if a ToMToU violation has already been recorded. Limit the number of ToMToU integrity violations per file open for read. Note: The IMA_MAY_EMIT_TOMTOU atomic flag must be set from the reader side based on policy. This may result in a per file open for read ToMToU violation. Since IMA_MUST_MEASURE is only used for violations, rename the atomic IMA_MUST_MEASURE flag to IMA_MAY_EMIT_TOMTOU. Cc: stable@vger.kernel.org # applies cleanly up to linux-6.6 Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Tested-by: Petr Vorel <pvorel@suse.cz> Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2025-04-20 10:15:43 +02:00
..
evm	evm: stop avoidably reading i_writecount in evm_file_release	2024-10-09 22:49:40 -04:00
ima	ima: limit the number of ToMToU integrity violations	2025-04-20 10:15:43 +02:00
platform_certs	Hi,	2023-08-29 08:05:18 -07:00
digsig_asymmetric.c	crypto: sm2 - Remove sm2 algorithm	2024-06-07 19:46:39 +08:00
digsig.c	integrity: eliminate unnecessary "Problem loading X.509 certificate" msg	2024-02-16 08:04:17 -05:00
iint.c	integrity: Remove LSM	2024-02-15 23:43:48 -05:00
integrity_audit.c	integrity: check the return value of audit_log_start()	2022-02-02 11:44:23 -05:00
integrity.h	integrity: Use static_assert() to check struct sizes	2024-10-09 22:49:40 -04:00
Kconfig	integrity-v6.7	2023-11-02 06:53:22 -10:00
Makefile	ima: Move to LSM infrastructure	2024-02-15 23:43:46 -05:00