git.monstr.eu Git - linux-2.6-microblaze.git/commit

author	Mimi Zohar <zohar@linux.vnet.ibm.com>
	Mon, 29 Feb 2016 13:30:12 +0000 (08:30 -0500)
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>
	Sun, 1 May 2016 13:23:52 +0000 (09:23 -0400)
commit	42a4c603198f0d45b7aa936d3ac6ba1b8bd14a1b
tree	fca744f08e4a7e7563ff5f691a9d75766853c654	tree \| snapshot
parent	39d637af5aa7577f655c58b9e55587566c63a0af	commit \| diff

ima: fix ima_inode_post_setattr

Changing file metadata (eg. uid, guid) could result in having to
re-appraise a file's integrity, but does not change the "new file"
status nor the security.ima xattr. The IMA_PERMIT_DIRECTIO and
IMA_DIGSIG_REQUIRED flags are policy rule specific. This patch
only resets these flags, not the IMA_NEW_FILE or IMA_DIGSIG flags.

With this patch, changing the file timestamp will not remove the
file signature on new files.

Reported-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Tested-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>

security/integrity/ima/ima_appraise.c		diff \| blob \| history
security/integrity/integrity.h		diff \| blob \| history