author: Roberto Sassu <roberto.sassu@huawei.com> 2021-05-14 18:27:53 +0300
committer: Mimi Zohar <zohar@linux.ibm.com> 2021-06-01 19:30:51 +0300
commit: ed1b472fc15aeaa20ddeeb93fd25190014e50d17 (patch)
tree: 4dfb18c8666e1cb579f8380fa8846e2a25343308
parent: 026d7fc92a9d629630779c999fe49ecae93f9d63 (diff)
download: linux-ed1b472fc15aeaa20ddeeb93fd25190014e50d17.tar.xz
ima: Don't remove security.ima if file must not be appraised
Files might come from a remote source and might have xattrs, including security.ima. It should not be IMA's task to decide whether security.ima should be kept or not. This patch removes the removexattr() system call in ima_inode_post_setattr().

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-rw-r--r-- security/integrity/ima/ima_appraise.c 2
1 files changed, 0 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index d9a627de3930..940695e7b535 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -532,8 +532,6 @@ void ima_inode_post_setattr(struct user_namespace *mnt_userns,
return;
action = ima_must_appraise(mnt_userns, inode, MAY_ACCESS, POST_SETATTR);
- if (!action)
- __vfs_removexattr(&init_user_ns, dentry, XATTR_NAME_IMA);
iint = integrity_iint_find(inode);
if (iint) {
set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags);
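Review bot: With the `if (!action)` branch gone, nothing right after the ima_must_appraise() call in ima_inode_post_setattr() records that security.ima is now deliberately left on a file that a setattr has taken out of the appraise policy. The commit message motivates this with files that arrive from a remote source with xattrs already set, but the same path also covers a file whose security.ima was written locally, so the value can now persist on a file that is no longer appraised, and whoever wants it cleared has to remove it themselves. A short comment at this spot, or a sentence in the commit message, stating that retention is intentional and that removal is left to the xattr's owner would make the new behaviour explicit. Please also confirm that `action` is still read below the visible context (inside the `if (iint)` block or later); if it is not, the ima_must_appraise() call and the variable are dead after this change and should be dropped in the same patch.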