aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--security/integrity/evm/evm_main.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 7a968faca739..9ea9c19a545c 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -124,6 +124,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
124 struct evm_ima_xattr_data *xattr_data = NULL; 124 struct evm_ima_xattr_data *xattr_data = NULL;
125 struct evm_ima_xattr_data calc; 125 struct evm_ima_xattr_data calc;
126 enum integrity_status evm_status = INTEGRITY_PASS; 126 enum integrity_status evm_status = INTEGRITY_PASS;
127 struct inode *inode;
127 int rc, xattr_len; 128 int rc, xattr_len;
128 129
129 if (iint && (iint->evm_status == INTEGRITY_PASS || 130 if (iint && (iint->evm_status == INTEGRITY_PASS ||
@@ -178,12 +179,15 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
178 (const char *)xattr_data, xattr_len, 179 (const char *)xattr_data, xattr_len,
179 calc.digest, sizeof(calc.digest)); 180 calc.digest, sizeof(calc.digest));
180 if (!rc) { 181 if (!rc) {
182 inode = d_backing_inode(dentry);
183
181 if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG) { 184 if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG) {
182 if (iint) 185 if (iint)
183 iint->flags |= EVM_IMMUTABLE_DIGSIG; 186 iint->flags |= EVM_IMMUTABLE_DIGSIG;
184 evm_status = INTEGRITY_PASS_IMMUTABLE; 187 evm_status = INTEGRITY_PASS_IMMUTABLE;
185 } else if (!IS_RDONLY(d_backing_inode(dentry)) && 188 } else if (!IS_RDONLY(inode) &&
186 !IS_IMMUTABLE(d_backing_inode(dentry))) { 189 !(inode->i_sb->s_readonly_remount) &&
190 !IS_IMMUTABLE(inode)) {
187 evm_update_evmxattr(dentry, xattr_name, 191 evm_update_evmxattr(dentry, xattr_name,
188 xattr_value, 192 xattr_value,
189 xattr_value_len); 193 xattr_value_len);
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-07 06:47:39 -0500