This patch inserts the call evm_inode_post_removexattr() after removing the 'security.ima' extended attribute in the function ima_inode_post_setattr() in order to keep 'security.evm' up to date. Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxx> --- security/integrity/ima/ima_main.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 32dadfa..df92f4d 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -25,6 +25,7 @@ #include <linux/slab.h> #include <linux/xattr.h> #include <linux/ima.h> +#include <linux/evm.h> #include "ima.h" @@ -365,8 +366,10 @@ void ima_inode_post_setattr(struct dentry *dentry) iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED); must_appraise = ima_must_appraise(iint, inode, MAY_ACCESS, POST_SETATTR); - if (!must_appraise) + if (!must_appraise) { rc = inode->i_op->removexattr(dentry, XATTR_NAME_IMA); + evm_inode_post_removexattr(dentry, XATTR_NAME_IMA); + } mutex_unlock(&iint->mutex); kref_put(&iint->refcount, iint_free); return; -- 1.7.2.3
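Review bot: In the ima_inode_post_setattr() hunk, evm_inode_post_removexattr() is called without looking at rc, so 'security.evm' is refreshed even when the removexattr() call returned an error and 'security.ima' was not actually removed. Consider guarding the call, for example `if (!rc) evm_inode_post_removexattr(dentry, XATTR_NAME_IMA);`, or state in the commit message why the unconditional update is intended. In the visible lines rc is assigned and then never read before the function returns, so a failed removal is currently silent on both the IMA and EVM side.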