aboutsummaryrefslogtreecommitdiffstats
path: root/fs/namei.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/namei.c')
-rw-r--r--fs/namei.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/fs/namei.c b/fs/namei.c
index bbc15c237558..199317642ad6 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -24,6 +24,7 @@
24#include <linux/fsnotify.h> 24#include <linux/fsnotify.h>
25#include <linux/personality.h> 25#include <linux/personality.h>
26#include <linux/security.h> 26#include <linux/security.h>
27#include <linux/ima.h>
27#include <linux/syscalls.h> 28#include <linux/syscalls.h>
28#include <linux/mount.h> 29#include <linux/mount.h>
29#include <linux/audit.h> 30#include <linux/audit.h>
@@ -850,6 +851,8 @@ static int __link_path_walk(const char *name, struct nameidata *nd)
850 if (err == -EAGAIN) 851 if (err == -EAGAIN)
851 err = inode_permission(nd->path.dentry->d_inode, 852 err = inode_permission(nd->path.dentry->d_inode,
852 MAY_EXEC); 853 MAY_EXEC);
854 if (!err)
855 err = ima_path_check(&nd->path, MAY_EXEC);
853 if (err) 856 if (err)
854 break; 857 break;
855 858
@@ -1509,6 +1512,11 @@ int may_open(struct path *path, int acc_mode, int flag)
1509 error = inode_permission(inode, acc_mode); 1512 error = inode_permission(inode, acc_mode);
1510 if (error) 1513 if (error)
1511 return error; 1514 return error;
1515
1516 error = ima_path_check(path,
1517 acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC));
1518 if (error)
1519 return error;
1512 /* 1520 /*
1513 * An append-only file must be opened in append mode for writing. 1521 * An append-only file must be opened in append mode for writing.
1514 */ 1522 */
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-06 16:50:11 -0500