linux/security
Dmitry Kasatkin 09b1148ef5 ima: fix erroneous removal of security.ima xattr
ima_inode_post_setattr() calls ima_must_appraise() to check if the
file needs to be appraised. If it does not then it removes security.ima
xattr. With original policy matching code it might happen that even
file needs to be appraised with FILE_CHECK hook, it might not be
for POST_SETATTR hook. 'security.ima' might be erronously removed.

This patch treats POST_SETATTR as special wildcard function and will
cause ima_must_appraise() to be true if any of the hooks rules matches.
security.ima will not be removed if any of the hooks would require
appraisal.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2014-03-07 12:15:44 -05:00
..
apparmor security: replace strict_strto*() with kstrto*() 2014-02-06 19:11:04 +11:00
integrity ima: fix erroneous removal of security.ima xattr 2014-03-07 12:15:44 -05:00
keys security: replace strict_strto*() with kstrto*() 2014-02-06 19:11:04 +11:00
selinux security: replace strict_strto*() with kstrto*() 2014-02-06 19:11:04 +11:00
smack Smack: File receive audit correction 2013-12-31 13:35:27 -08:00
tomoyo Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
yama yama: Better permission check for ptraceme 2013-03-26 13:17:58 -07:00
capability.c Linux 3.12 2013-11-26 17:32:55 -05:00
commoncap.c capabilities: allow nice if we are privileged 2013-08-30 23:44:09 -07:00
device_cgroup.c device_cgroup: remove can_attach 2013-10-24 06:56:56 -04:00
inode.c
Kconfig KEYS: Move the key config into security/keys/Kconfig 2012-05-11 10:56:56 +01:00
lsm_audit.c Merge git://git.infradead.org/users/eparis/audit 2013-11-21 19:18:14 -08:00
Makefile security: cleanup Makefiles to use standard syntax for specifying sub-directories 2014-02-17 11:08:04 +11:00
min_addr.c
security.c Linux 3.12 2013-11-26 17:32:55 -05:00