On Thu, Jan 17, 2019 at 1:22 AM Goldwyn Rodrigues <rgoldwyn@xxxxxxx> wrote:
>
> Since copy_up() happens when you are modifying a file on overlay,
> it is still a new file for the underlying filesystem. Mark it
> in IMA for re-evaluating as a new file.
>
> Putting ima calls within overlayfs may not be the best method, but this is
> the only one which I thought would work.
>

Doesn't look right.
Overlayfs creates the new inode with vfs_tmpfile() and I think
that is where you should plug the IMA hook.

> Here is a test case:
> mount /dev/vdb /lower
> mount /dev/vdc /upper
> echo "Original contents" > /lower/existingfile.txt
> mount -t overlay overlay /mnt -o upperdir=/upper/upper,workdir=/upper/workdir,lowerdir=/lower
> echo "New contents" > /mnt/existingfile.txt
>

I bet you can reproduce that same issue without overlayfs by
creating an O_TMPFILE from userspace.
The ima_file_check() hook in do_last() does not cover the O_TMPFILE case.

Thanks,
Amir.
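The userspace O_TMPFILE reproduction Amir suggests, as an added example written for this page (not code from the thread or the kernel tree): the file is created through the path-less O_TMPFILE open and only linked into the directory after it has been written, so a test of an IMA measure/appraise policy can check whether a file that never passed do_last() shows up in the measurement list. The directory, file name and contents are constructed test values; the fallback O_TMPFILE/AT_EMPTY_PATH constants assume x86/arm64.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Fallbacks if the GNU extensions are hidden; values assumed for x86/arm64. */
#ifndef O_TMPFILE
#define O_TMPFILE (020000000 | O_DIRECTORY)
#endif
#ifndef AT_EMPTY_PATH
#define AT_EMPTY_PATH 0x1000
#endif
/* Create dir/name from an unnamed O_TMPFILE inode that is linked into the
 * directory only after it has been written. Returns 0 or -errno. */
int create_via_tmpfile(const char *dir, const char *name, const char *contents)
{
    char path[512], proc[64];
    int rc, fd = open(dir, O_TMPFILE | O_WRONLY, 0644); /* no path: do_last() is skipped */
    if (fd < 0) return -errno;
    ssize_t len = (ssize_t)strlen(contents);
    if (write(fd, contents, len) != len) {
        rc = -errno; close(fd); return rc;
    }
    snprintf(path, sizeof path, "%s/%s", dir, name);
    /* Give the inode a name. The /proc route needs no CAP_DAC_READ_SEARCH;
     * AT_EMPTY_PATH is tried only when /proc is absent. */
    snprintf(proc, sizeof proc, "/proc/self/fd/%d", fd);
    rc = linkat(AT_FDCWD, proc, AT_FDCWD, path, AT_SYMLINK_FOLLOW);
    if (rc < 0 && errno == ENOENT)
        rc = linkat(fd, "", AT_FDCWD, path, AT_EMPTY_PATH);
    rc = rc < 0 ? -errno : 0;
    close(fd);
    return rc;
}
/* Re-open the now-named file by path (this open does run do_last() and
 * ima_file_check()) and compare contents; returns 1 on a match. */
int contents_match(const char *path, const char *expected)
{
    char buf[256];
    int fd = open(path, O_RDONLY);
    ssize_t n = fd < 0 ? -1 : read(fd, buf, sizeof buf - 1);
    if (fd >= 0) close(fd);
    if (n < 0) return 0;
    buf[n] = '\0';
    return strcmp(buf, expected) == 0;
}
```

With an IMA measure policy loaded, compare /sys/kernel/security/ima/ascii_runtime_measurements before and after create_via_tmpfile() to see whether the linked file was measured at all.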