diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-06-11 13:01:41 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-06-11 13:01:41 -0400 |
| commit | 3296ca27f50ecbd71db1d808c7a72d311027f919 (patch) | |
| tree | 833eaa58b2013bda86d4bd95faf6efad7a2d5ca4 /security/integrity/ima/ima_fs.c | |
| parent | e893123c7378192c094747dadec326b7c000c190 (diff) | |
| parent | 73fbad283cfbbcf02939bdbda31fc4a30e729cca (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (44 commits)
nommu: Provide mmap_min_addr definition.
TOMOYO: Add description of lists and structures.
TOMOYO: Remove unused field.
integrity: ima audit dentry_open failure
TOMOYO: Remove unused parameter.
security: use mmap_min_addr indepedently of security models
TOMOYO: Simplify policy reader.
TOMOYO: Remove redundant markers.
SELinux: define audit permissions for audit tree netlink messages
TOMOYO: Remove unused mutex.
tomoyo: avoid get+put of task_struct
smack: Remove redundant initialization.
integrity: nfsd imbalance bug fix
rootplug: Remove redundant initialization.
smack: do not beyond ARRAY_SIZE of data
integrity: move ima_counts_get
integrity: path_check update
IMA: Add __init notation to ima functions
IMA: Minimal IMA policy and boot param for TCB IMA policy
selinux: remove obsolete read buffer limit from sel_read_bool
...
Diffstat (limited to 'security/integrity/ima/ima_fs.c')
| -rw-r--r-- | security/integrity/ima/ima_fs.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index 510186f0b72e..6bfc7eaebfda 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c | |||
| @@ -15,6 +15,7 @@ | |||
| 15 | * implemenents security file system for reporting | 15 | * implemenents security file system for reporting |
| 16 | * current measurement list and IMA statistics | 16 | * current measurement list and IMA statistics |
| 17 | */ | 17 | */ |
| 18 | #include <linux/fcntl.h> | ||
| 18 | #include <linux/module.h> | 19 | #include <linux/module.h> |
| 19 | #include <linux/seq_file.h> | 20 | #include <linux/seq_file.h> |
| 20 | #include <linux/rculist.h> | 21 | #include <linux/rculist.h> |
| @@ -283,6 +284,9 @@ static atomic_t policy_opencount = ATOMIC_INIT(1); | |||
| 283 | */ | 284 | */ |
| 284 | int ima_open_policy(struct inode * inode, struct file * filp) | 285 | int ima_open_policy(struct inode * inode, struct file * filp) |
| 285 | { | 286 | { |
| 287 | /* No point in being allowed to open it if you aren't going to write */ | ||
| 288 | if (!(filp->f_flags & O_WRONLY)) | ||
| 289 | return -EACCES; | ||
| 286 | if (atomic_dec_and_test(&policy_opencount)) | 290 | if (atomic_dec_and_test(&policy_opencount)) |
| 287 | return 0; | 291 | return 0; |
| 288 | return -EBUSY; | 292 | return -EBUSY; |
| @@ -315,7 +319,7 @@ static struct file_operations ima_measure_policy_ops = { | |||
| 315 | .release = ima_release_policy | 319 | .release = ima_release_policy |
| 316 | }; | 320 | }; |
| 317 | 321 | ||
| 318 | int ima_fs_init(void) | 322 | int __init ima_fs_init(void) |
| 319 | { | 323 | { |
| 320 | ima_dir = securityfs_create_dir("ima", NULL); | 324 | ima_dir = securityfs_create_dir("ima", NULL); |
| 321 | if (IS_ERR(ima_dir)) | 325 | if (IS_ERR(ima_dir)) |
| @@ -349,7 +353,7 @@ int ima_fs_init(void) | |||
| 349 | goto out; | 353 | goto out; |
| 350 | 354 | ||
| 351 | ima_policy = securityfs_create_file("policy", | 355 | ima_policy = securityfs_create_file("policy", |
| 352 | S_IRUSR | S_IRGRP | S_IWUSR, | 356 | S_IWUSR, |
| 353 | ima_dir, NULL, | 357 | ima_dir, NULL, |
| 354 | &ima_measure_policy_ops); | 358 | &ima_measure_policy_ops); |
| 355 | if (IS_ERR(ima_policy)) | 359 | if (IS_ERR(ima_policy)) |