From: Mimi Z. <zo...@li...> - 2016-03-07 13:35:22

On Mon, 2016-03-07 at 09:40 +0100, Patrick Ohly wrote:
> On Mon, 2016-02-29 at 22:00 -0500, Mimi Zohar wrote:
> > Changing file metadata (eg. uid, guid) could result in having to
> > re-appraise a file's integrity, but does not change the "new file"
> > status nor the security.ima xattr. The IMA_PERMIT_DIRECTIO and
> > IMA_DIGSIG_REQUIRED flags are policy rule specific. This patch
> > only resets these flags, not the IMA_NEW_FILE or IMA_DIGSIG flags.
> >
> > With this patch, changing the file timestamp will not remove the
> > file signature on new files.
>
> As Dmitry said, this indeed works. Thanks a lot!
>
> Will you queue it for inclusion in upstream Linux? In which version do
> you expect it to land?

I've queued a couple of patches in next-4.7, including this one.
Although this patch works, it could probably be cleaned up a bit.

Mimi