author Roberto Sassu <roberto.sassu@huawei.com> 2021-05-14 17:27:53 +0200
committer Mimi Zohar <zohar@linux.ibm.com> 2021-06-01 18:30:51 +0200
commit ed1b472fc15aeaa20ddeeb93fd25190014e50d17
tree 4dfb18c8666e1cb579f8380fa8846e2a25343308 /security/integrity
parent ima: Introduce template field evmsig and write to field sig as fallback
ima: Don't remove security.ima if file must not be appraised
Files might come from a remote source and might have xattrs, including security.ima. It should not be IMA task to decide whether security.ima should be kept or not. This patch removes the removexattr() system call in ima_inode_post_setattr().

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity')
-rw-r--r-- security/integrity/ima/ima_appraise.c 2
1 files changed, 0 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index d9a627de3930..940695e7b535 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -532,8 +532,6 @@ void ima_inode_post_setattr(struct user_namespace *mnt_userns,
return;
action = ima_must_appraise(mnt_userns, inode, MAY_ACCESS, POST_SETATTR);
- if (!action)
- __vfs_removexattr(&init_user_ns, dentry, XATTR_NAME_IMA);
iint = integrity_iint_find(inode);
if (iint) {
set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags);
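Review bot: With the `if (!action)` branch gone, nothing in the visible context after the `ima_must_appraise()` call reads `action` any more; please confirm it is still consumed further down in `ima_inode_post_setattr()`, and drop the assignment if it is not. A one-line comment at this spot stating that `security.ima` is deliberately left in place when the attribute change takes the file out of the appraisal policy would also help: the xattr now survives while the file is not appraised, so a later attribute change that brings the file back under appraisal will evaluate whatever value was left there, and readers of the code should not have to find the commit message to learn that this is intended.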