> diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
> index 319cf16d6603..0ce5134d3de5 100644
> --- a/security/integrity/evm/evm_secfs.c
> +++ b/security/integrity/evm/evm_secfs.c
> @@ -81,6 +81,10 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf,
> return ret;
> /* Forbid further writes after the symmetric key is loaded */
> i |= EVM_SETUP;
> + /* Don't allow protected xattr modification if a
> + * symmetric key is loaded
> + */
> + i &= ~(EVM_PERMIT_XATTR_WRITES);
> }
>
> evm_initialized |= i;
Is "|= i" now correct?
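Review bot: The added `i &= ~(EVM_PERMIT_XATTR_WRITES);` strips the bit from the caller's request without any signal back to the writer. As far as the hunk shows, a write that asks for both the symmetric key and EVM_PERMIT_XATTR_WRITES carries on down the normal path, so an administrator cannot tell "accepted" from "ignored" and may believe a policy bit is in effect when it is not. If silently dropping it is the intended contract, the new comment should say so, e.g. `/* A request that sets both is accepted; EVM_PERMIT_XATTR_WRITES is silently cleared */`, and the interface's user-facing documentation should state the same. As a style point, multi-line comments outside net/ normally put the opening `/*` on a line of its own. evm_write_key() starts and ends outside this hunk, so the return path is not visible here and should be checked against this.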