evm: prohibit userspace writing 'security.evm' HMAC value
author Mimi Zohar <zohar@linux.vnet.ibm.com>
Sun, 11 May 2014 04:05:23 +0000 (00:05 -0400)
committer Mimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 12 Jun 2014 21:58:07 +0000 (17:58 -0400)
commit 2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4
tree e4a1c5fd8871eaba1b2bb0b65405d9cb0d4bd6f6
parent 14503eb99414ceffe348b82982d5770b745f6626
evm: prohibit userspace writing 'security.evm' HMAC value

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools (e.g. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>
security/integrity/evm/evm_main.c