vfs: move ima_file_free before releasing the file
ima_file_free(), called on __fput(), currently flags files that have changed, so that the file is re-measured. For appraising a files's integrity, the file's hash must be re-calculated and stored in the 'security.ima' xattr to reflect any changes. This patch moves the ima_file_free() call to before releasing the file in preparation of ima-appraisal measuring the file and updating the 'security.ima' xattr. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
This commit is contained in:
Родитель
2ab51f3721
Коммит
4199d35cbc
|
@ -243,10 +243,10 @@ static void __fput(struct file *file)
|
|||
if (file->f_op && file->f_op->fasync)
|
||||
file->f_op->fasync(-1, file, 0);
|
||||
}
|
||||
ima_file_free(file);
|
||||
if (file->f_op && file->f_op->release)
|
||||
file->f_op->release(inode, file);
|
||||
security_file_free(file);
|
||||
ima_file_free(file);
|
||||
if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL &&
|
||||
!(file->f_mode & FMODE_PATH))) {
|
||||
cdev_put(inode->i_cdev);
|
||||
|
|
Загрузка…
Ссылка в новой задаче