
Commit ffb122de authored by Petr Vorel, committed by Mimi Zohar

ima: Reflect correct permissions for policy



Kernel configured as CONFIG_IMA_READ_POLICY=y && CONFIG_IMA_WRITE_POLICY=n
keeps 0600 mode after loading policy. Remove write permission to state
that the policy file can no longer be written.

Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
parent 890e2abe
+2 −0
@@ -434,6 +434,8 @@ static int ima_release_policy(struct inode *inode, struct file *file)
	ima_policy = NULL;
#elif defined(CONFIG_IMA_WRITE_POLICY)
	clear_bit(IMA_FS_BUSY, &ima_fs_flags);
#elif defined(CONFIG_IMA_READ_POLICY)
	inode->i_mode &= ~S_IWUSR;
#endif
	return 0;
}
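Review bot: The new `inode->i_mode &= ~S_IWUSR;` in the `CONFIG_IMA_READ_POLICY` branch has no comment, and by itself it only changes the mode reported for the policy file; a cleared owner-write bit does not stop a process holding CAP_DAC_OVERRIDE. Suggest a one-line comment saying the bit is cleared so the listed mode matches the fact that the policy can no longer be written and, if a later write is refused by a separate check, naming that check. Because the line sits at the tail of `ima_release_policy` just before `return 0;`, the commit message should also state whether it is reached only after a policy was actually loaded, or also on a release that follows a read-only open or a failed load, since in the latter case the mode would drop the write bit while the policy could still be written.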