author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-03-09 14:39:57 -0500 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-07-18 12:29:44 -0400 |
commit | 975d294373d8c1c913ad2bf4eb93966d4c7ca38f (patch) | |
tree | 3695195e45cedd834660bdd75e843f12f25b08b6 | |
parent | c7b87de23b6fd5dfbe5c36601f29d6c515056343 (diff) | |
evm: imbed evm_inode_post_setattr
Changing the inode's metadata may require the 'security.evm' extended
attribute to be re-calculated and updated.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-rw-r--r-- | fs/attr.c | 5 | ||||
-rw-r--r-- | include/linux/evm.h | 6 |
2 files changed, 10 insertions, 1 deletions
diff --git a/fs/attr.c b/fs/attr.c
index caf2aa521e2b..5ad45d3cc20a 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -13,6 +13,7 @@
 #include <linux/fsnotify.h>
 #include <linux/fcntl.h>
 #include <linux/security.h>
+#include <linux/evm.h>
 
 /**
 * inode_change_ok - check if attribute changes to an inode are allowed
@@ -243,8 +244,10 @@ int notify_change(struct dentry * dentry, struct iattr * attr)
 if (ia_valid & ATTR_SIZE)
 up_write(&dentry->d_inode->i_alloc_sem);
 
- if (!error)
+ if (!error) {
 fsnotify_change(dentry, ia_valid);
+ evm_inode_post_setattr(dentry, ia_valid);
+ }
 
 return error;
 }
diff --git a/include/linux/evm.h b/include/linux/evm.h
index a730782da563..33a92471e463 100644
--- a/include/linux/evm.h
+++ b/include/linux/evm.h
@@ -15,6 +15,7 @@ extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
 const char *xattr_name,
 void *xattr_value,
 size_t xattr_value_len);
+extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
 extern int evm_inode_setxattr(struct dentry *dentry, const char *name,
 const void *value, size_t size);
 extern void evm_inode_post_setxattr(struct dentry *dentry,
@@ -35,6 +36,11 @@ static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
 }
 #endif
 
+static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
+{
+ return;
+}
+
 static inline int evm_inode_setxattr(struct dentry *dentry, const char *name,
 const void *value, size_t size)
 {
 |
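Review bot: The new `evm_inode_post_setattr(dentry, ia_valid);` call in notify_change() cannot report failure, because the hook is declared `void` in include/linux/evm.h. If refreshing 'security.evm' fails after the attribute change has been applied, notify_change() still returns 0, and the stored value would presumably no longer match the inode's metadata until a later verification flags it. The implementation is not part of this diff, so whether that path logs or audits the failure cannot be checked here. A comment at the call would record the contract, for example `/* attributes already changed: refresh security.evm; the hook cannot fail the setattr */`. notify_change() begins outside the hunk.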
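Review bot: `ia_valid` is declared as a signed `int` in the new prototype, although it carries the ATTR_* flag word that notify_change() tests with `ia_valid & ATTR_SIZE`. A signed type for a bit mask may not match the caller's variable, whose declaration is outside the hunks shown, and it makes high-bit flags error-prone. I would declare it `extern void evm_inode_post_setattr(struct dentry *dentry, unsigned int ia_valid);` and use the same parameter type on the static inline stub added in the second hunk of this file. The `#ifdef` that separates the prototype from the stub is also outside the hunks, so confirm the two can never be visible in the same configuration.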