diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2009-05-19 13:25:57 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-05-22 09:43:41 +1000 |
commit | b9fc745db833bbf74b4988493b8cd902a84c9415 (patch) | |
tree | 45a15174efb3b1c3dcbe5f0dc503e790c4f6fd70 /fs/exec.c | |
parent | 932995f0ce52525b32ff5127b522c2c164de3810 (diff) | |
download | op-kernel-dev-b9fc745db833bbf74b4988493b8cd902a84c9415.zip op-kernel-dev-b9fc745db833bbf74b4988493b8cd902a84c9415.tar.gz |
integrity: path_check update
- Add support in ima_path_check() for integrity checking without
incrementing the counts. (Required for nfsd.)
- rename and export opencount_get to ima_counts_get
- replace ima_shm_check calls with ima_counts_get
- export ima_path_check
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/exec.c')
-rw-r--r-- | fs/exec.c | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -130,7 +130,8 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) MAY_READ | MAY_EXEC | MAY_OPEN); if (error) goto exit; - error = ima_path_check(&nd.path, MAY_READ | MAY_EXEC | MAY_OPEN); + error = ima_path_check(&nd.path, MAY_READ | MAY_EXEC | MAY_OPEN, + IMA_COUNT_UPDATE); if (error) goto exit; @@ -680,7 +681,7 @@ struct file *open_exec(const char *name) err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC | MAY_OPEN); if (err) goto out_path_put; - err = ima_path_check(&nd.path, MAY_EXEC | MAY_OPEN); + err = ima_path_check(&nd.path, MAY_EXEC | MAY_OPEN, IMA_COUNT_UPDATE); if (err) goto out_path_put; |