提交 4199d35c 编写于 作者: M Mimi Zohar

vfs: move ima_file_free before releasing the file

ima_file_free(), called on __fput(), currently flags files that have
changed, so that the file is re-measured.  For appraising a files's
integrity, the file's hash must be re-calculated and stored in the
'security.ima' xattr to reflect any changes.

This patch moves the ima_file_free() call to before releasing the file
in preparation of ima-appraisal measuring the file and updating the
'security.ima' xattr.
Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
Acked-by: NSerge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: NDmitry Kasatkin <dmitry.kasatkin@intel.com>
上级 2ab51f37
...@@ -243,10 +243,10 @@ static void __fput(struct file *file) ...@@ -243,10 +243,10 @@ static void __fput(struct file *file)
if (file->f_op && file->f_op->fasync) if (file->f_op && file->f_op->fasync)
file->f_op->fasync(-1, file, 0); file->f_op->fasync(-1, file, 0);
} }
ima_file_free(file);
if (file->f_op && file->f_op->release) if (file->f_op && file->f_op->release)
file->f_op->release(inode, file); file->f_op->release(inode, file);
security_file_free(file); security_file_free(file);
ima_file_free(file);
if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL && if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL &&
!(file->f_mode & FMODE_PATH))) { !(file->f_mode & FMODE_PATH))) {
cdev_put(inode->i_cdev); cdev_put(inode->i_cdev);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册