# git rev-parse -q --verify 18b44bc5a67275641fb26f2c54ba7eef80ac5950^{commit} 18b44bc5a67275641fb26f2c54ba7eef80ac5950 already have revision, skipping fetch # git checkout -q -f -B kisskb 18b44bc5a67275641fb26f2c54ba7eef80ac5950 # git clean -qxdf # < git log -1 # commit 18b44bc5a67275641fb26f2c54ba7eef80ac5950 # Author: Eric Snowberg # Date: Tue Jul 25 17:56:46 2023 -0400 # # ovl: Always reevaluate the file signature for IMA # # Commit db1d1e8b9867 ("IMA: use vfs_getattr_nosec to get the i_version") # partially closed an IMA integrity issue when directly modifying a file # on the lower filesystem. If the overlay file is first opened by a user # and later the lower backing file is modified by root, but the extended # attribute is NOT updated, the signature validation succeeds with the old # original signature. # # Update the super_block s_iflags to SB_I_IMA_UNVERIFIABLE_SIGNATURE to # force signature reevaluation on every file access until a fine grained # solution can be found. # # Signed-off-by: Eric Snowberg # Signed-off-by: Mimi Zohar # Signed-off-by: Linus Torvalds # < /opt/cross/kisskb/korg/gcc-8.5.0-nolibc/x86_64-linux/bin/x86_64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-8.5.0-nolibc/x86_64-linux/bin/x86_64-linux-ld --version # < git log --format=%s --max-count=1 18b44bc5a67275641fb26f2c54ba7eef80ac5950 # make -s -j 40 ARCH=x86 O=/kisskb/build/linus_allmodconfig_x86_64-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.5.0-nolibc/x86_64-linux/bin/x86_64-linux- allmodconfig # Added to kconfig CONFIG_BUILD_DOCSRC=n # Added to kconfig CONFIG_MODULE_SIG=n # Added to kconfig CONFIG_SAMPLES=n # Added to kconfig CONFIG_GCC_PLUGINS=n # Added to kconfig # < make -s -j 40 ARCH=x86 O=/kisskb/build/linus_allmodconfig_x86_64-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.5.0-nolibc/x86_64-linux/bin/x86_64-linux- help # make -s -j 40 ARCH=x86 O=/kisskb/build/linus_allmodconfig_x86_64-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.5.0-nolibc/x86_64-linux/bin/x86_64-linux- olddefconfig # make -s -j 40 ARCH=x86 O=/kisskb/build/linus_allmodconfig_x86_64-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.5.0-nolibc/x86_64-linux/bin/x86_64-linux- Completed OK # rm -rf /kisskb/build/linus_allmodconfig_x86_64-gcc8 # Build took: 0:13:28.626483