diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-03-16 22:48:43 -0400 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2012-09-07 14:57:27 -0400 |
commit | 4199d35cbc90c15db447d115bd96ffa5f1d60d3a (patch) | |
tree | f012b30b0b2269eef36261ac5b7a918cd91f95b8 /fs | |
parent | 2ab51f3721f7abdf92d89cb79d3d6c0062ddc14b (diff) |
vfs: move ima_file_free before releasing the file
ima_file_free(), called on __fput(), currently flags files that have
changed, so that the file is re-measured. For appraising a files's
integrity, the file's hash must be re-calculated and stored in the
'security.ima' xattr to reflect any changes.
This patch moves the ima_file_free() call to before releasing the file
in preparation of ima-appraisal measuring the file and updating the
'security.ima' xattr.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/file_table.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/file_table.c b/fs/file_table.c index 701985e4ccda..a41f23f90b17 100644 --- a/fs/file_table.c +++ b/fs/file_table.c | |||
@@ -243,10 +243,10 @@ static void __fput(struct file *file) | |||
243 | if (file->f_op && file->f_op->fasync) | 243 | if (file->f_op && file->f_op->fasync) |
244 | file->f_op->fasync(-1, file, 0); | 244 | file->f_op->fasync(-1, file, 0); |
245 | } | 245 | } |
246 | ima_file_free(file); | ||
246 | if (file->f_op && file->f_op->release) | 247 | if (file->f_op && file->f_op->release) |
247 | file->f_op->release(inode, file); | 248 | file->f_op->release(inode, file); |
248 | security_file_free(file); | 249 | security_file_free(file); |
249 | ima_file_free(file); | ||
250 | if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL && | 250 | if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL && |
251 | !(file->f_mode & FMODE_PATH))) { | 251 | !(file->f_mode & FMODE_PATH))) { |
252 | cdev_put(inode->i_cdev); | 252 | cdev_put(inode->i_cdev); |