From 866d259aabcd4e4434480295b384131c5a2bb4df Mon Sep 17 00:00:00 2001 From: Dmitry Kasatkin Date: Thu, 27 Sep 2012 15:06:28 +0300 Subject: [PATCH] --- yaml --- r: 352843 b: refs/heads/master c: a175b8bb29ebbad380ab4788f307fbfc47997b19 h: refs/heads/master i: 352841: b368b3b30f034c903f77ab2a6af71256c08b6c79 352839: 7417e0a8bd5f3d31dc37034c201d8e7f7e91f54b v: v3 --- [refs] | 2 +- trunk/security/integrity/ima/ima_main.c | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/[refs] b/[refs] index 15cfb00ccb7d..d3e4e74eb02a 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: ea1046d4c57ee6e3d5f68f19dd9a45bbab0b71a0 +refs/heads/master: a175b8bb29ebbad380ab4788f307fbfc47997b19 diff --git a/trunk/security/integrity/ima/ima_main.c b/trunk/security/integrity/ima/ima_main.c index d743c9a0a4b4..cd00ba39e8e0 100644 --- a/trunk/security/integrity/ima/ima_main.c +++ b/trunk/security/integrity/ima/ima_main.c @@ -175,12 +175,12 @@ static int process_measurement(struct file *file, const char *filename, if (!action) { if (iint->flags & IMA_APPRAISED) rc = iint->ima_status; - goto out; + goto out_digsig; } rc = ima_collect_measurement(iint, file); if (rc != 0) - goto out; + goto out_digsig; if (function != BPRM_CHECK) pathname = ima_d_path(&file->f_path, &pathbuf); @@ -195,6 +195,9 @@ static int process_measurement(struct file *file, const char *filename, if (action & IMA_AUDIT) ima_audit_measurement(iint, pathname); kfree(pathbuf); +out_digsig: + if ((mask & MAY_WRITE) && (iint->flags & IMA_DIGSIG)) + rc = -EACCES; out: mutex_unlock(&inode->i_mutex); if ((rc && must_appraise) && (ima_appraise & IMA_APPRAISE_ENFORCE))