This patch adds a call to evm_reset_status() in evm_inode_post_setattr(),
before security.evm is updated. The same is done in the other
evm_inode_post_* functions.
Fixes: 523b74b16bcbb ("evm: reset EVM status when file attributes change")
Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
---
security/integrity/evm/evm_main.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index b6d9f14bc234..b41c2d8a8834 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -512,8 +512,11 @@ void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
if (!evm_key_loaded())
return;
- if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID))
+ if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID)) {
+ evm_reset_status(dentry->d_inode);
+
evm_update_evmxattr(dentry, NULL, NULL, 0);
+ }
}
/*
--
2.17.1
