diff options
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-08-18 18:07:44 -0400 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-09-14 15:24:51 -0400 |
| commit | bf6d0f5dcda17df3cc5577e203d0f8ea1c2ad6aa (patch) | |
| tree | c6c5f39d43fe0d27bc1d3aedbd2f9b3ba2f8f537 /include/linux/evm.h | |
| parent | a924ce0b35875ef9512135b46a32f4150fd700b2 (diff) | |
evm: posix acls modify i_mode
The posix xattr acls are 'system' prefixed, which normally would not
affect security.evm. An interesting side affect of writing posix xattr
acls is their modifying of the i_mode, which is included in security.evm.
This patch updates security.evm when posix xattr acls are written.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Diffstat (limited to 'include/linux/evm.h')
| -rw-r--r-- | include/linux/evm.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/include/linux/evm.h b/include/linux/evm.h index ea603c9e775d..9fc13a760928 100644 --- a/include/linux/evm.h +++ b/include/linux/evm.h | |||
| @@ -33,6 +33,14 @@ extern void evm_inode_post_removexattr(struct dentry *dentry, | |||
| 33 | extern int evm_inode_init_security(struct inode *inode, | 33 | extern int evm_inode_init_security(struct inode *inode, |
| 34 | const struct xattr *xattr_array, | 34 | const struct xattr *xattr_array, |
| 35 | struct xattr *evm); | 35 | struct xattr *evm); |
| 36 | #ifdef CONFIG_FS_POSIX_ACL | ||
| 37 | extern int posix_xattr_acl(const char *xattrname); | ||
| 38 | #else | ||
| 39 | static inline int posix_xattr_acl(const char *xattrname) | ||
| 40 | { | ||
| 41 | return 0; | ||
| 42 | } | ||
| 43 | #endif | ||
| 36 | #else | 44 | #else |
| 37 | #ifdef CONFIG_INTEGRITY | 45 | #ifdef CONFIG_INTEGRITY |
| 38 | static inline enum integrity_status evm_verifyxattr(struct dentry *dentry, | 46 | static inline enum integrity_status evm_verifyxattr(struct dentry *dentry, |