summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorRoberto Sassu <roberto.sassu@huawei.com>2021-05-14 17:27:53 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2021-07-14 16:59:18 +0200
commit5b421ed9178aaf4b4c9bb4d1a3353e1717aa8a01 (patch)
tree2a8a32e59f771852dc52a4c086d75cfa171a68ee /security
parentebb91e961ab18e5246c724b696082afb8a4c8427 (diff)
ima: Don't remove security.ima if file must not be appraised
[ Upstream commit ed1b472fc15aeaa20ddeeb93fd25190014e50d17 ] Files might come from a remote source and might have xattrs, including security.ima. It should not be IMA task to decide whether security.ima should be kept or not. This patch removes the removexattr() system call in ima_inode_post_setattr(). Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima_appraise.c2
1 files changed, 0 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 565e33ff19d0..d7cc6f897746 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -522,8 +522,6 @@ void ima_inode_post_setattr(struct user_namespace *mnt_userns,
return;
action = ima_must_appraise(mnt_userns, inode, MAY_ACCESS, POST_SETATTR);
- if (!action)
- __vfs_removexattr(&init_user_ns, dentry, XATTR_NAME_IMA);
iint = integrity_iint_find(inode);
if (iint) {
set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags);
generated by cgit v1.2.3 (git 2.46.0) at 2026-04-14 19:48:46 +0000