Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next

author: James Morris <james.l.morris@oracle.com> 2014-11-19 21:36:07 +1100
committer: James Morris <james.l.morris@oracle.com> 2014-11-19 21:36:07 +1100
commit: a6aacbde406eeb6f8fc218b2c6172825f5e73fcf (patch)
tree: b79e1a17c38090915085f0dbb501a0970cb79b28 /security/integrity/evm/evm_main.c
parent: b10778a00d40b3d9fdaaf5891e802794781ff71c (diff)
parent: 6fb5032ebb1c5b852461d64ee33829081de8ca61 (diff)
download: op-kernel-dev-a6aacbde406eeb6f8fc218b2c6172825f5e73fcf.zip
op-kernel-dev-a6aacbde406eeb6f8fc218b2c6172825f5e73fcf.tar.gz
1 files changed, 8 insertions, 3 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 9685af3..b392fe6 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -162,9 +162,14 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
 					(const char *)xattr_data, xattr_len,
 					calc.digest, sizeof(calc.digest));
 		if (!rc) {
-			/* we probably want to replace rsa with hmac here */
-			evm_update_evmxattr(dentry, xattr_name, xattr_value,
-				   xattr_value_len);
+			/* Replace RSA with HMAC if not mounted readonly and
+			 * not immutable
+			 */
+			if (!IS_RDONLY(dentry->d_inode) &&
+			    !IS_IMMUTABLE(dentry->d_inode))
+				evm_update_evmxattr(dentry, xattr_name,
+						    xattr_value,
+						    xattr_value_len);
 		}
 		break;
 	default:
author	James Morris <james.l.morris@oracle.com>	2014-11-19 21:36:07 +1100
committer	James Morris <james.l.morris@oracle.com>	2014-11-19 21:36:07 +1100
commit	a6aacbde406eeb6f8fc218b2c6172825f5e73fcf (patch)
tree	b79e1a17c38090915085f0dbb501a0970cb79b28 /security/integrity/evm/evm_main.c
parent	b10778a00d40b3d9fdaaf5891e802794781ff71c (diff)
parent	6fb5032ebb1c5b852461d64ee33829081de8ca61 (diff)
download	op-kernel-dev-a6aacbde406eeb6f8fc218b2c6172825f5e73fcf.zip op-kernel-dev-a6aacbde406eeb6f8fc218b2c6172825f5e73fcf.tar.gz