Lines Matching full:evm
14 #define pr_fmt(fmt) "EVM: "fmt
21 #include <linux/evm.h>
28 #include "evm.h"
85 __setup("evm=", evm_set_fixmode);
93 pr_info("Initialising EVM extended attributes:\n"); in evm_init_config()
115 * errors, based on the ability of EVM to calculate HMACs. If the HMAC key
155 * evm_verify_hmac - calculate and compare the HMAC with the EVM xattr
158 * and compare it against the stored security.evm xattr.
319 * evm_read_protected_xattrs - read EVM protected xattr names, lengths, values
395 * security.evm xattr. For performance, use the xattr value and length
426 * before EVM is initialized or in 'fix' mode.
445 * Check if passed ACL changes the inode mode, which is protected by EVM.
461 * ACL_{GROUP,USER} don't matter since EVM is only interested in the in evm_xattr_acl_change()
469 * Frankly, EVM shouldn't try to interpret the uapi struct for POSIX in evm_xattr_acl_change()
535 * evm_protect_xattr - protect the EVM extended attribute
537 * Prevent security.evm from being modified or removed without the
541 * affect security.evm. An interesting side effect of writing posix xattr
542 * acls is their modifying of the i_mode, which is included in security.evm.
543 * For posix xattr acls only, permit security.evm, even if it currently
544 * doesn't exist, to be updated unless the EVM signature is immutable.
616 * evm_inode_setxattr - protect the EVM extended attribute
623 * Before allowing the 'security.evm' protected xattr to be updated,
625 * access to the EVM encrypted key needed to calculate the HMAC, prevent
626 * userspace from writing HMAC value. Writing 'security.evm' requires
653 * evm_inode_removexattr - protect the EVM extended attribute
658 * Removing 'security.evm' requires CAP_SYS_ADMIN privileges and that
683 * evm_revalidate_status - report whether EVM status re-validation is necessary
687 * EVM status.
708 * evm_inode_post_setxattr - update 'security.evm' to reflect the changes
714 * Update the HMAC stored in 'security.evm' to reflect the change.
738 * evm_inode_post_removexattr - update 'security.evm' after removing the xattr
742 * Update the HMAC stored in 'security.evm' to reflect removal of the xattr.
778 * evm_inode_setattr - prevent updating an invalid EVM extended attribute
781 * Permit update of file attributes when files have a valid EVM signature,
821 * evm_inode_post_setattr - update 'security.evm' after modifying metadata
825 * For now, update the HMAC stored in 'security.evm' to reflect UID/GID
846 * evm_inode_init_security - initializes security.evm HMAC value