From: Patrick O. <pat...@in...> - 2016-03-07 08:41:07
On Mon, 2016-02-29 at 22:00 -0500, Mimi Zohar wrote:
> Changing file metadata (eg. uid, guid) could result in having to
> re-appraise a file's integrity, but does not change the "new file"
> status nor the security.ima xattr. The IMA_PERMIT_DIRECTIO and
> IMA_DIGSIG_REQUIRED flags are policy rule specific. This patch
> only resets these flags, not the IMA_NEW_FILE or IMA_DIGSIG flags.
>
> With this patch, changing the file timestamp will not remove the
> file signature on new files.

As Dmitry said, this indeed works. Thanks a lot!

Will you queue it for inclusion in upstream Linux? In which version do
you expect it to land?

--
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.