Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9957a504 authored Mar 09, 2011 by Mimi Zohar

ima: add inode_post_setattr call



Changing an inode's metadata may result in our not needing to appraise
the file.  In such cases, we must remove 'security.ima'.

Changelog v1:
- use ima_inode_post_setattr() stub function, if IMA_APPRAISE not configured

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

parent a10bf26b

fs/attr.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -14,6 +14,7 @@
		#include <linux/fcntl.h>
		#include <linux/security.h>
		#include <linux/evm.h>
		#include <linux/ima.h>

		/**
		* inode_change_ok - check if attribute changes to an inode are allowed
		@@ -247,6 +248,7 @@ int notify_change(struct dentry * dentry, struct iattr * attr)

		if (!error) {
		fsnotify_change(dentry, ia_valid);
		ima_inode_post_setattr(dentry);
		evm_inode_post_setattr(dentry, ia_valid);
		}

include/linux/ima.h

+10 −0

Original line number	Diff line number	Diff line
		@@ -39,5 +39,15 @@ static inline int ima_file_mmap(struct file *file, unsigned long prot)
		{
		return 0;
		}

		#endif /* CONFIG_IMA_H */

		#ifdef CONFIG_IMA_APPRAISE
		extern void ima_inode_post_setattr(struct dentry *dentry);
		#else
		static inline void ima_inode_post_setattr(struct dentry *dentry)
		{
		return;
		}
		#endif /* CONFIG_IMA_APPRAISE_H */
		#endif /* _LINUX_IMA_H */