Skip to content

Commit

Permalink
ima: Don't remove security.ima if file must not be appraised
Browse files Browse the repository at this point in the history 
[ Upstream commit ed1b472 ]

Files might come from a remote source and might have xattrs, including
security.ima. It should not be IMA task to decide whether security.ima
should be kept or not. This patch removes the removexattr() system
call in ima_inode_post_setattr().

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
  • Loading branch information
@robertosassu @gregkh
robertosassu authored and gregkh committed Jul 14, 2021
1 parent ebb91e9 commit 5b421ed
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions security/integrity/ima/ima_appraise.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -522,8 +522,6 @@ void ima_inode_post_setattr(struct user_namespace *mnt_userns,
return;

action = ima_must_appraise(mnt_userns, inode, MAY_ACCESS, POST_SETATTR);
if (!action)
__vfs_removexattr(&init_user_ns, dentry, XATTR_NAME_IMA);
iint = integrity_iint_find(inode);
if (iint) {
set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags);
Expand Down

0 comments on commit 5b421ed

Please sign in to comment.