1 files changed, 11 insertions, 0 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 10f994307a04..582091498819 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -296,6 +296,17 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name,
                iint = integrity_iint_find(d_backing_inode(dentry));
                if (iint && (iint->flags & IMA_NEW_FILE))
                        return 0;
+                /* exception for pseudo filesystems */
+                if (dentry->d_inode->i_sb->s_magic == TMPFS_MAGIC
+                    || dentry->d_inode->i_sb->s_magic == SYSFS_MAGIC)
+                        return 0;
+                integrity_audit_msg(AUDIT_INTEGRITY_METADATA,
+                                    dentry->d_inode, dentry->d_name.name,
+                                    "update_metadata",
+                                    integrity_status_msg[evm_status],
+                                    -EPERM, 0);
        }
 out:
        if (evm_status != INTEGRITY_PASS)

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 10f994307a04..582091498819 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c
@@ -296,6 +296,17 @@ static int evm_protect_xattr(struct dentry dentry, const char xattr_name,
296	iint = integrity_iint_find(d_backing_inode(dentry));	296	iint = integrity_iint_find(d_backing_inode(dentry));
297	if (iint && (iint->flags & IMA_NEW_FILE))	297	if (iint && (iint->flags & IMA_NEW_FILE))
298	return 0;	298	return 0;
		299
		300	/* exception for pseudo filesystems */
		301	if (dentry->d_inode->i_sb->s_magic == TMPFS_MAGIC
		302	\|\| dentry->d_inode->i_sb->s_magic == SYSFS_MAGIC)
		303	return 0;
		304
		305	integrity_audit_msg(AUDIT_INTEGRITY_METADATA,
		306	dentry->d_inode, dentry->d_name.name,
		307	"update_metadata",
		308	integrity_status_msg[evm_status],
		309	-EPERM, 0);
299	}	310	}
300	out:	311	out:
301	if (evm_status != INTEGRITY_PASS)	312	if (evm_status != INTEGRITY_PASS)