Backports the following two patches to fix the issue of IMA mishandling LSM based rule during LSM policy update, causing a file to match an unexpected rule. Some changes were made to these patches, which was stated in the commit message of corresponding patch. GUO Zihua (1): ima: Handle -ESTALE returned by ima_filter_rule_match() Janne Karhunen (1): ima: use the lsm policy update notifier security/integrity/ima/ima.h | 2 + security/integrity/ima/ima_main.c | 8 ++ security/integrity/ima/ima_policy.c | 153 +++++++++++++++++++++++----- 3 files changed, 137 insertions(+), 26 deletions(-) -- 2.17.1
