mirror of
https://github.com/hardkernel/linux.git
synced 2026-04-07 05:33:20 +09:00
4e9c74a333
commitb151d6b00bupstream. On ima_file_free(), newly created empty files are not labeled with an initial security.ima value, because the iversion did not change. Commitdff6efc"fs: fix iversion handling" introduced a change in iversion behavior. To verify this change use the shell command: $ (exec >foo) $ getfattr -h -e hex -d -m security foo This patch defines the IMA_NEW_FILE flag. The flag is initially set, when IMA detects that a new file is created, and subsequently checked on the ima_file_free() hook to set the initial security.ima value. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>