aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--security/integrity/ima/ima_policy.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 3f6b8a466368..a556d5b9c57f 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -167,9 +167,11 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
167 const struct cred *cred = current_cred(); 167 const struct cred *cred = current_cred();
168 int i; 168 int i;
169 169
170 if ((rule->flags & IMA_FUNC) && rule->func != func) 170 if ((rule->flags & IMA_FUNC) &&
171 (rule->func != func && func != POST_SETATTR))
171 return false; 172 return false;
172 if ((rule->flags & IMA_MASK) && rule->mask != mask) 173 if ((rule->flags & IMA_MASK) &&
174 (rule->mask != mask && func != POST_SETATTR))
173 return false; 175 return false;
174 if ((rule->flags & IMA_FSMAGIC) 176 if ((rule->flags & IMA_FSMAGIC)
175 && rule->fsmagic != inode->i_sb->s_magic) 177 && rule->fsmagic != inode->i_sb->s_magic)
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-13 21:43:44 -0400