qiurui
/
RHEL-kernel-ark
mirror of https://gitlab.com/cki-project/kernel-ark.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
RHEL-kernel-ark/security/integrity/ima
History
Roberto Sassu 57a0ef02fe ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr 
Commit 0d73a55208 ("ima: re-introduce own integrity cache lock")
mistakenly reverted the performance improvement introduced in commit
42a4c60319 ("ima: fix ima_inode_post_setattr"). The unused bit mask was
subsequently removed by commit 11c60f23ed ("integrity: Remove unused
macro IMA_ACTION_RULE_FLAGS").

Restore the performance improvement by introducing the new mask
IMA_NONACTION_RULE_FLAGS, equal to IMA_NONACTION_FLAGS without
IMA_NEW_FILE, which is not a rule-specific flag.

Finally, reset IMA_NONACTION_RULE_FLAGS instead of IMA_NONACTION_FLAGS in
process_measurement(), if the IMA_CHANGE_ATTR atomic flag is set (after
file metadata modification).

With this patch, new files for which metadata were modified while they are
still open, can be reopened before the last file close (when security.ima
is written), since the IMA_NEW_FILE flag is not cleared anymore. Otherwise,
appraisal fails because security.ima is missing (files with IMA_NEW_FILE
set are an exception).

Cc: stable@vger.kernel.org # v4.16.x
Fixes: 0d73a55208 ("ima: re-introduce own integrity cache lock")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
 		2025-02-04 21:36:43 -05:00
..
Kconfig ima: Move to LSM infrastructure 2024-02-15 23:43:46 -05:00
Makefile ima: Make it independent from 'integrity' LSM 2024-02-15 23:43:47 -05:00
ima.h ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr 2025-02-04 21:36:43 -05:00
ima_api.c lsm: use lsm_prop in security_current_getsecid 2024-10-11 14:34:14 -04:00
ima_appraise.c ima: instantiate the bprm_creds_for_exec() hook 2024-12-18 17:00:29 -08:00
ima_asymmetric_keys.c
ima_crypto.c ima: add crypto agility support for template-hash algorithm 2024-04-12 09:59:04 -04:00
ima_efi.c ima: require signed IMA policy when UEFI secure boot is enabled 2023-08-01 08:18:11 -04:00
ima_fs.c ima: fix wrong zero-assignment during securityfs dentry remove 2024-06-03 16:37:22 -04:00
ima_iint.c lsm: add the inode_free_security_rcu() LSM implementation hook 2024-08-12 15:35:04 -04:00
ima_init.c ima: Suspend PCR extends and log appends when rebooting 2024-12-11 11:55:53 -05:00
ima_kexec.c ima: kexec: silence RCU list traversal warning 2024-12-24 13:56:45 -05:00
ima_main.c ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr 2025-02-04 21:36:43 -05:00
ima_modsig.c ima: Add __counted_by for struct modsig and use struct_size() 2023-10-20 10:52:41 -07:00
ima_mok.c
ima_policy.c ima: ignore suffixed policy rule comments 2025-01-03 10:18:43 -05:00
ima_queue.c ima: Suspend PCR extends and log appends when rebooting 2024-12-11 11:55:53 -05:00
ima_queue_keys.c
ima_template.c
ima_template_lib.c ima: fix buffer overrun in ima_eventdigest_init_common 2024-10-09 22:49:24 -04:00
ima_template_lib.h