    ima: add ima_inode_setxattr/removexattr function and calls · 42c63330
    Committed by Mimi Zohar
    Based on xattr_permission comments, the restriction to modify 'security'
    xattr is left up to the underlying fs or lsm. Ensure that not just anyone
    can modify or remove 'security.ima'.
    
    Changelog v1:
    - Unless IMA-APPRAISE is configured, use stub ima_inode_removexattr()/setxattr()
      functions.  (Moved ima_inode_removexattr()/setxattr() to ima_appraise.c)
    
    Changelog:
      - take i_mutex to fix locking (Dmitry Kasatkin)
      - ima_reset_appraise_flags should only be called when modifying or
        removing the 'security.ima' xattr. Requires CAP_SYS_ADMIN privilege.
        (Incorporated fix from Roberto Sassu)
      - Even if allowed to update security.ima, reset the appraisal flags,
        forcing re-appraisal.
      - Replace CAP_MAC_ADMIN with CAP_SYS_ADMIN
      - static inline ima_inode_setxattr()/ima_inode_removexattr() stubs
      - ima_protect_xattr should be static
    Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
    Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
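
The control flow the changelog describes, as an added user-space model that is not the kernel code from this commit: a change to 'security.ima' is refused without CAP_SYS_ADMIN, and an allowed change still clears the cached appraisal result. All `model_*` names, the `MODEL_APPRAISED` flag and the return-value convention are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define XATTR_NAME_IMA  "security.ima" /* the xattr the commit protects */
#define MODEL_APPRAISED 0x1u           /* assumed flag: cached appraisal result */

/* Assumed stand-ins for the kernel inode state and the caller's credentials. */
struct model_inode { unsigned int flags; };
struct model_cred  { bool cap_sys_admin; };

/* 0: not an IMA xattr; 1: caller may change security.ima; -EPERM: denied. */
static int model_protect_xattr(const struct model_cred *c, const char *name)
{
    if (strcmp(name, XATTR_NAME_IMA) != 0)
        return 0;
    return c->cap_sys_admin ? 1 : -EPERM;
}

/* Shared by both hooks: an allowed change clears the cached result. */
static int model_xattr_hook(const struct model_cred *c, struct model_inode *i, const char *name)
{
    int rc = model_protect_xattr(c, name);
    if (rc == 1) {
        i->flags &= ~MODEL_APPRAISED; /* force re-appraisal on next access */
        rc = 0;
    }
    return rc;
}

int model_inode_setxattr(const struct model_cred *c, struct model_inode *i, const char *name)
{
    return model_xattr_hook(c, i, name);
}
int model_inode_removexattr(const struct model_cred *c, struct model_inode *i, const char *name)
{
    return model_xattr_hook(c, i, name);
}

int main(void)
{
    struct model_cred user = { false }, admin = { true };
    struct model_inode ino = { MODEL_APPRAISED };
    int denied = model_inode_setxattr(&user, &ino, XATTR_NAME_IMA);
    int allowed = model_inode_setxattr(&admin, &ino, XATTR_NAME_IMA);
    printf("user=%d admin=%d flags=%u\n", denied, allowed, ino.flags);
    return 0;
}
```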
security.c 34.5 KB