| field | value | timestamp |
|---|---|---|
| author | Mimi Zohar <[email protected]> | 2025-01-27 15:45:48 +0000 |
| committer | Mimi Zohar <[email protected]> | 2025-03-27 16:40:12 +0000 |
| commit | a414016218ca97140171aa3bb926b02e1f68c2cc | |
| tree | a04429b21fb96d9eed41200ccb31eb16b03ad847 /drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | |
| parent | ima: limit the number of open-writers integrity violations | |
| download | kernel-a414016218ca97140171aa3bb926b02e1f68c2cc.tar.gz, kernel-a414016218ca97140171aa3bb926b02e1f68c2cc.zip | |
ima: limit the number of ToMToU integrity violations

Each time a file in policy, that is already opened for read, is opened
for write, a Time-of-Measure-Time-of-Use (ToMToU) integrity violation
audit message is emitted and a violation record is added to the IMA
measurement list. This occurs even if a ToMToU violation has already
been recorded.

Limit the number of ToMToU integrity violations per file open for read.

Note: The IMA_MAY_EMIT_TOMTOU atomic flag must be set from the reader
side based on policy. This may result in a per file open for read
ToMToU violation.

Since IMA_MUST_MEASURE is only used for violations, rename the atomic
IMA_MUST_MEASURE flag to IMA_MAY_EMIT_TOMTOU.
Cc: [email protected] # applies cleanly up to linux-6.6
Tested-by: Stefan Berger <[email protected]>
Reviewed-by: Petr Vorel <[email protected]>
Tested-by: Petr Vorel <[email protected]>
Reviewed-by: Roberto Sassu <[email protected]>
Signed-off-by: Mimi Zohar <[email protected]>
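The behaviour the commit message describes, as an added userspace model and not the kernel's IMA code: a per-inode atomic flag is armed on each open-for-read of a file covered by policy, and a subsequent open-for-write emits a ToMToU violation only if it can clear that flag, so repeated writers against the same read-open produce one record instead of one per write-open. The struct, function names, the flag's bit value and the counters (`model_iint`, `model_open_read`, `model_open_write`, `IMA_MAY_EMIT_TOMTOU` as bit 0) are all assumptions chosen for this illustration; only the flag's name comes from the commit.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed bit value for the flag named in the commit; the real
 * kernel value is not shown on this page. */
#define IMA_MAY_EMIT_TOMTOU 0x1

/* Hypothetical stand-in for the kernel's per-inode integrity state. */
struct model_iint {
    atomic_int flags;   /* atomic flag word, like the kernel's iint flags */
    int readers;        /* number of opens for read still outstanding */
    int tomtou_count;   /* ToMToU violations actually emitted */
};

static void model_init(struct model_iint *iint)
{
    atomic_store(&iint->flags, 0);
    iint->readers = 0;
    iint->tomtou_count = 0;
}

/* Reader side: on each open for read of a file in policy, arm the flag.
 * Arming per open-for-read is what makes the limit "per file open for read". */
static void model_open_read(struct model_iint *iint, bool in_policy)
{
    iint->readers++;
    if (in_policy)
        atomic_fetch_or(&iint->flags, IMA_MAY_EMIT_TOMTOU);
}

/* Writer side: an open for write while readers exist is a ToMToU condition.
 * Emit a violation only if the flag was still armed, clearing it atomically
 * so concurrent writers cannot both emit. Returns true if emitted. */
static bool model_open_write(struct model_iint *iint)
{
    if (iint->readers == 0)
        return false;   /* no reader, nothing to violate */
    int old = atomic_fetch_and(&iint->flags, ~IMA_MAY_EMIT_TOMTOU);
    if (!(old & IMA_MAY_EMIT_TOMTOU))
        return false;   /* already recorded for this open-for-read */
    iint->tomtou_count++;
    return true;
}

/* One open for read, then three opens for write: one violation, not three. */
int model_scenario_repeated_writes(void)
{
    struct model_iint iint;
    model_init(&iint);
    model_open_read(&iint, true);
    for (int i = 0; i < 3; i++)
        model_open_write(&iint);
    return iint.tomtou_count;
}

/* A second open for read re-arms the flag, so a later write emits again:
 * the limit is per open-for-read, as the commit's note says. */
int model_scenario_reopen(void)
{
    struct model_iint iint;
    model_init(&iint);
    model_open_read(&iint, true);
    model_open_write(&iint);
    model_open_read(&iint, true);
    model_open_write(&iint);
    model_open_write(&iint);
    return iint.tomtou_count;
}

/* A file outside policy never arms the flag, so no violation is emitted. */
int model_scenario_not_in_policy(void)
{
    struct model_iint iint;
    model_init(&iint);
    model_open_read(&iint, false);
    model_open_write(&iint);
    return iint.tomtou_count;
}

int main(void)
{
    printf("repeated writes: %d violation(s)\n", model_scenario_repeated_writes());
    printf("reopen for read: %d violation(s)\n", model_scenario_reopen());
    printf("not in policy:   %d violation(s)\n", model_scenario_not_in_policy());
    return 0;
}
```

The design point worth noting is that the flag is cleared with an atomic read-modify-write rather than a test followed by a separate clear: two writers racing on the same reader would otherwise both see the flag set and both emit, defeating the limit the commit is after.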
Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_device.c')
0 files changed, 0 insertions, 0 deletions
