merge nfs bugfixes into nfsd for-3.19 branch

In addition to nfsd bugfixes, there are some fixes in -rc5 for client bugs that can interfere with my testing.
author: J. Bruce Fields <bfields@redhat.com> 2014-11-19 20:06:30 +0300
committer: J. Bruce Fields <bfields@redhat.com> 2014-11-19 20:06:30 +0300
commit: 56429e9b3be567a173bd05f5594faf8522c34d3a (patch)
tree: d218d430ed992cdfa42da084bf36e5aa3c2ecb26 /security/integrity/evm/evm_main.c
parent: 5b095e99928cc13332d364f7cca7a9ca684369b4 (diff)
parent: 093a1468b6edb0e568be7311b8d2228d205702db (diff)
download: linux-56429e9b3be567a173bd05f5594faf8522c34d3a.tar.xz
1 files changed, 6 insertions, 3 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 9685af330de5..c5ee1a7c5e8a 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -319,9 +319,12 @@ int evm_inode_setxattr(struct dentry *dentry, const char *xattr_name,
 {
 	const struct evm_ima_xattr_data *xattr_data = xattr_value;
 
-	if ((strcmp(xattr_name, XATTR_NAME_EVM) == 0)
-	    && (xattr_data->type == EVM_XATTR_HMAC))
-		return -EPERM;
+	if (strcmp(xattr_name, XATTR_NAME_EVM) == 0) {
+		if (!xattr_value_len)
+			return -EINVAL;
+		if (xattr_data->type != EVM_IMA_XATTR_DIGSIG)
+			return -EPERM;
+	}
 	return evm_protect_xattr(dentry, xattr_name, xattr_value,
 				 xattr_value_len);
 }
author	J. Bruce Fields <bfields@redhat.com>	2014-11-19 20:06:30 +0300
committer	J. Bruce Fields <bfields@redhat.com>	2014-11-19 20:06:30 +0300
commit	56429e9b3be567a173bd05f5594faf8522c34d3a (patch)
tree	d218d430ed992cdfa42da084bf36e5aa3c2ecb26 /security/integrity/evm/evm_main.c
parent	5b095e99928cc13332d364f7cca7a9ca684369b4 (diff)
parent	093a1468b6edb0e568be7311b8d2228d205702db (diff)
download	linux-56429e9b3be567a173bd05f5594faf8522c34d3a.tar.xz