]> Gentwo Git Trees - linux/.git/commit
gentwo / linux / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 345123d) | patch
ima: add fs_subtype condition for distinguishing FUSE instances
authorJann Horn <jannh@google.com>
Thu, 25 Sep 2025 23:45:07 +0000 (01:45 +0200)
committerMimi Zohar <zohar@linux.ibm.com>
Thu, 16 Oct 2025 15:12:20 +0000 (11:12 -0400)
commit43369273518f57b7d56c1cf12d636a809b7bd81b
treed7a7e3d28552c1b1f6c2e8fd4467e38c93209e01tree | snapshot
parent345123d650db724d53ffee84d7365008c6f729decommit | diff
ima: add fs_subtype condition for distinguishing FUSE instances

Linux systems often use FUSE for several different purposes, where the
contents of some FUSE instances can be of more interest for auditing
than others.

Allow distinguishing between them based on the filesystem subtype
(s_subtype) using the new condition "fs_subtype".

The subtype string is supplied by userspace FUSE daemons
when a FUSE connection is initialized, so policy authors who want to
filter based on subtype need to ensure that FUSE mount operations are
sufficiently audited or restricted.

Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Documentation/ABI/testing/ima_policy diff | blob | blame | history
security/integrity/ima/ima_policy.c diff | blob | blame | history
Development tree.