diff options
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-03-09 14:39:57 -0500 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-07-18 12:29:44 -0400 |
| commit | 975d294373d8c1c913ad2bf4eb93966d4c7ca38f (patch) | |
| tree | 3695195e45cedd834660bdd75e843f12f25b08b6 | |
| parent | c7b87de23b6fd5dfbe5c36601f29d6c515056343 (diff) | |
evm: imbed evm_inode_post_setattr
Changing the inode's metadata may require the 'security.evm' extended
attribute to be re-calculated and updated.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
| -rw-r--r-- | fs/attr.c | 5 | ||||
| -rw-r--r-- | include/linux/evm.h | 6 |
2 files changed, 10 insertions, 1 deletions
| @@ -13,6 +13,7 @@ | |||
| 13 | #include <linux/fsnotify.h> | 13 | #include <linux/fsnotify.h> |
| 14 | #include <linux/fcntl.h> | 14 | #include <linux/fcntl.h> |
| 15 | #include <linux/security.h> | 15 | #include <linux/security.h> |
| 16 | #include <linux/evm.h> | ||
| 16 | 17 | ||
| 17 | /** | 18 | /** |
| 18 | * inode_change_ok - check if attribute changes to an inode are allowed | 19 | * inode_change_ok - check if attribute changes to an inode are allowed |
| @@ -243,8 +244,10 @@ int notify_change(struct dentry * dentry, struct iattr * attr) | |||
| 243 | if (ia_valid & ATTR_SIZE) | 244 | if (ia_valid & ATTR_SIZE) |
| 244 | up_write(&dentry->d_inode->i_alloc_sem); | 245 | up_write(&dentry->d_inode->i_alloc_sem); |
| 245 | 246 | ||
| 246 | if (!error) | 247 | if (!error) { |
| 247 | fsnotify_change(dentry, ia_valid); | 248 | fsnotify_change(dentry, ia_valid); |
| 249 | evm_inode_post_setattr(dentry, ia_valid); | ||
| 250 | } | ||
| 248 | 251 | ||
| 249 | return error; | 252 | return error; |
| 250 | } | 253 | } |
diff --git a/include/linux/evm.h b/include/linux/evm.h index a730782da563..33a92471e463 100644 --- a/include/linux/evm.h +++ b/include/linux/evm.h | |||
| @@ -15,6 +15,7 @@ extern enum integrity_status evm_verifyxattr(struct dentry *dentry, | |||
| 15 | const char *xattr_name, | 15 | const char *xattr_name, |
| 16 | void *xattr_value, | 16 | void *xattr_value, |
| 17 | size_t xattr_value_len); | 17 | size_t xattr_value_len); |
| 18 | extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid); | ||
| 18 | extern int evm_inode_setxattr(struct dentry *dentry, const char *name, | 19 | extern int evm_inode_setxattr(struct dentry *dentry, const char *name, |
| 19 | const void *value, size_t size); | 20 | const void *value, size_t size); |
| 20 | extern void evm_inode_post_setxattr(struct dentry *dentry, | 21 | extern void evm_inode_post_setxattr(struct dentry *dentry, |
| @@ -35,6 +36,11 @@ static inline enum integrity_status evm_verifyxattr(struct dentry *dentry, | |||
| 35 | } | 36 | } |
| 36 | #endif | 37 | #endif |
| 37 | 38 | ||
| 39 | static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid) | ||
| 40 | { | ||
| 41 | return; | ||
| 42 | } | ||
| 43 | |||
| 38 | static inline int evm_inode_setxattr(struct dentry *dentry, const char *name, | 44 | static inline int evm_inode_setxattr(struct dentry *dentry, const char *name, |
| 39 | const void *value, size_t size) | 45 | const void *value, size_t size) |
| 40 | { | 46 | { |