diff options
Diffstat (limited to 'security/integrity')
-rw-r--r-- | security/integrity/evm/evm_main.c | 12 | ||||
-rw-r--r-- | security/integrity/ima/ima.h | 2 | ||||
-rw-r--r-- | security/integrity/ima/ima_fs.c | 4 | ||||
-rw-r--r-- | security/integrity/ima/ima_template_lib.c | 3 |
4 files changed, 17 insertions, 4 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 690cd632bd5b..3d1d3aceb213 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -20,6 +20,7 @@ #include <linux/xattr.h> #include <linux/integrity.h> #include <linux/evm.h> +#include <linux/magic.h> #include <crypto/hash.h> #include "evm.h" @@ -275,6 +276,17 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name, iint = integrity_iint_find(dentry->d_inode); if (iint && (iint->flags & IMA_NEW_FILE)) return 0; + + /* exception for pseudo filesystems */ + if (dentry->d_inode->i_sb->s_magic == TMPFS_MAGIC + || dentry->d_inode->i_sb->s_magic == SYSFS_MAGIC) + return 0; + + integrity_audit_msg(AUDIT_INTEGRITY_METADATA, + dentry->d_inode, dentry->d_name.name, + "update_metadata", + integrity_status_msg[evm_status], + -EPERM, 0); } out: if (evm_status != INTEGRITY_PASS) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index f79fa8be203c..5cb7de9046fa 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -106,7 +106,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, const char *op, const char *cause); int ima_init_crypto(void); void ima_putc(struct seq_file *m, void *data, int datalen); -void ima_print_digest(struct seq_file *m, u8 *digest, int size); +void ima_print_digest(struct seq_file *m, u8 *digest, u32 size); struct ima_template_desc *ima_template_desc_current(void); int ima_init_template(void); diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index 468a3ba3c539..35f3c900f801 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -186,9 +186,9 @@ static const struct file_operations ima_measurements_ops = { .release = seq_release, }; -void ima_print_digest(struct seq_file *m, u8 *digest, int size) +void ima_print_digest(struct seq_file *m, u8 *digest, u32 size) { - int i; + u32 i; for (i = 0; i < size; i++) seq_printf(m, "%02x", *(digest + i)); diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index e8592e7bfc21..dcf77b77d2fc 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -79,7 +79,8 @@ static void ima_show_template_data_ascii(struct seq_file *m, enum data_formats datafmt, struct ima_field_data *field_data) { - u8 *buf_ptr = field_data->data, buflen = field_data->len; + u8 *buf_ptr = field_data->data; + u32 buflen = field_data->len; switch (datafmt) { case DATA_FMT_DIGEST_WITH_ALGO: |