2010-11-02 10:07:43

by Roberto Sassu

Subject: [PATCH 3/3] ima: call evm_inode_post_removexattr() in ima_inode_post_setattr()

This patch inserts a call to evm_inode_post_removexattr() after removing
the 'security.ima' extended attribute in the function
ima_inode_post_setattr() in order to keep 'security.evm' up to date.

Signed-off-by: Roberto Sassu <[email protected]>
---
security/integrity/ima/ima_main.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 32dadfa..df92f4d 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -25,6 +25,7 @@
#include <linux/slab.h>
#include <linux/xattr.h>
#include <linux/ima.h>
+#include <linux/evm.h>

#include "ima.h"

@@ -365,8 +366,10 @@ void ima_inode_post_setattr(struct dentry *dentry)
iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED);
must_appraise = ima_must_appraise(iint, inode, MAY_ACCESS,
POST_SETATTR);
- if (!must_appraise)
+ if (!must_appraise) {
rc = inode->i_op->removexattr(dentry, XATTR_NAME_IMA);
+ evm_inode_post_removexattr(dentry, XATTR_NAME_IMA);
+ }
mutex_unlock(&iint->mutex);
kref_put(&iint->refcount, iint_free);
return;
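Review bot: the return value of removexattr() stored in rc is not checked before evm_inode_post_removexattr() is invoked, so when the removal of 'security.ima' fails (for instance because the attribute is not present) EVM is still told that it was removed and will update or drop 'security.evm' on that basis. Consider guarding the new call on success, e.g. `if (!rc) evm_inode_post_removexattr(dentry, XATTR_NAME_IMA);`, or at least documenting why an unconditional call is intended. Note also that the EVM hook now runs while iint->mutex is held (it is released only at the following mutex_unlock()), so it is worth confirming that evm_inode_post_removexattr() takes no lock that could nest badly with it.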
--
1.7.2.3

