Commit f422f975 authored by Mimi Zohar's avatar Mimi Zohar Committed by Jiri Slaby
Browse files

evm: prohibit userspace writing 'security.evm' HMAC value 



commit 2fb1c9a4 upstream.

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
parent 4a380229
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment