Hello,
persisting files opened with O_TMPFILE doesn't seem to work on IMA as
expected: the IMA xattr won't be written. This makes it impossible to
access the file later.
The following example application, based on the O_TMPFILE example from
man 2 open, will demonstrate this:
#define _GNU_SOURCE          /* O_TMPFILE is only exposed with _GNU_SOURCE */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>        /* S_IRUSR, S_IWUSR */
#include <unistd.h>
#include <linux/limits.h>

int main(void) {
    char path[PATH_MAX];
    /* unnamed inode in /tmp; no O_EXCL, so it may be linked into place later */
    int fd = open("/tmp", O_TMPFILE | O_RDWR, S_IRUSR | S_IWUSR);
    if (fd < 0) { perror("open"); return 1; }
    if (write(fd, "test", 4) != 4) { perror("write"); return 1; }
    /* give the inode a name via /proc/self/fd, as described in man 2 open */
    snprintf(path, PATH_MAX, "/proc/self/fd/%d", fd);
    if (linkat(AT_FDCWD, path, AT_FDCWD, "/tmp/tmpfile_persisted.txt",
               AT_SYMLINK_FOLLOW) < 0) { perror("linkat"); return 1; }
    return 0;
}
(/tmp should not be a tmpfs of course; change the paths to a supported
file system if necessary.)
This was discovered when trying to understand why IMA is failing on
overlayfs during truncated copy_up operations (see thread "PROBLEM: IMA
xattrs not written on overlayfs" from September / October), though this
is probably a different problem.
Ignaz
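As an added check that is not part of the report above, the program below persists an O_TMPFILE the same way and then asks the kernel, via getxattr, whether security.ima was written on the linked-in inode; it separates "xattr absent" from "filesystem has no xattr support" and from other errors. It assumes /tmp is on an xattr-capable filesystem and that IMA is active with a policy covering the file; all names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/xattr.h>
#include <unistd.h>

/* Outcome of probing an inode for the IMA xattr. */
enum ima_xattr_state {
    IMA_XATTR_PRESENT,      /* security.ima exists (expected after IMA appraisal/measurement) */
    IMA_XATTR_ABSENT,       /* inode has no security.ima: ENODATA, the symptom in the report */
    IMA_XATTR_UNSUPPORTED,  /* filesystem has no xattr support at all: ENOTSUP */
    IMA_XATTR_ERROR         /* anything else (missing file, permission, ...); see errno */
};

/* Query only the xattr size (NULL buffer, size 0) so no value is copied. */
enum ima_xattr_state probe_ima_xattr(const char *path)
{
    if (getxattr(path, "security.ima", NULL, 0) >= 0)
        return IMA_XATTR_PRESENT;
    switch (errno) {
    case ENODATA: return IMA_XATTR_ABSENT;
    case ENOTSUP: return IMA_XATTR_UNSUPPORTED;
    default:      return IMA_XATTR_ERROR;
    }
}

/* Reproduce the report: O_TMPFILE in dir, write, linkat via /proc, then probe dest. */
enum ima_xattr_state persist_tmpfile_and_probe(const char *dir, const char *dest)
{
    char proc_path[64];
    int fd = open(dir, O_TMPFILE | O_RDWR, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return IMA_XATTR_ERROR;
    if (write(fd, "test", 4) != 4) { close(fd); return IMA_XATTR_ERROR; }
    snprintf(proc_path, sizeof proc_path, "/proc/self/fd/%d", fd);
    unlink(dest);                       /* keep the check re-runnable */
    int rc = linkat(AT_FDCWD, proc_path, AT_FDCWD, dest, AT_SYMLINK_FOLLOW);
    close(fd);
    return rc < 0 ? IMA_XATTR_ERROR : probe_ima_xattr(dest);
}

int main(void)
{
    static const char *name[] = { "present", "absent", "unsupported", "error" };
    enum ima_xattr_state s = persist_tmpfile_and_probe("/tmp", "/tmp/tmpfile_persisted.txt");
    printf("security.ima on persisted O_TMPFILE: %s\n", name[s]);
    return s == IMA_XATTR_PRESENT ? 0 : 1;   /* non-zero means the xattr is missing */
}
```

On a kernel showing the reported behaviour the program prints "absent"; comparing against a file created with a plain open(O_CREAT) in the same directory tells you whether IMA is writing the xattr at all there.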