On Tue, 2015-07-28 at 15:01 -0700, Greg KH wrote:
> On Tue, Jul 28, 2015 at 05:33:10PM -0400, Mimi Zohar wrote:
> > To prevent offline stripping of existing file xattrs and relabeling of
> > them at runtime, EVM allows only newly created files to be labeled. As
> > pseudo filesystems are not persistent, stripping of xattrs is not a
> > concern.
> >
> > Some LSMs defer file labeling on pseudo filesystems. This patch
> > permits the labeling of existing files on pseudo filesystems.
> >
> > Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
> > (cherry picked from commit 5101a1850bb7ccbf107929dee9af0cd2f400940f)
> > ---
> >  security/integrity/evm/evm_main.c | 11 +++++++++++
> >  1 file changed, 11 insertions(+)
>
> What stable kernel version(s) do you want this applied to?

Commit "3dcbad5 evm: properly handle INTEGRITY_NOXATTRS EVM status" changed how new files were identified, introducing the problem addressed by this patch. Stable branches 4.1.y - 3.17.y and 3.14.y are affected.

Mimi