authorMimi Zohar <zohar@linux.vnet.ibm.com>2009-05-19 13:25:57 -0400
committerJames Morris <jmorris@namei.org>2009-05-22 09:43:41 +1000
commitb9fc745db833bbf74b4988493b8cd902a84c9415 (patch)
tree45a15174efb3b1c3dcbe5f0dc503e790c4f6fd70 /fs
parent932995f0ce52525b32ff5127b522c2c164de3810 (diff)
integrity: path_check update
- Add support in ima_path_check() for integrity checking without incrementing the counts. (Required for nfsd.)
- rename and export opencount_get to ima_counts_get
- replace ima_shm_check calls with ima_counts_get
- export ima_path_check

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/exec.c5
-rw-r--r--fs/namei.c6
2 files changed, 7 insertions, 4 deletions
diff --git a/fs/exec.c b/fs/exec.c
index 998e856c3079..618d6d1e2c52 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -130,7 +130,8 @@ SYSCALL_DEFINE1(uselib, const char __user *, library)
MAY_READ | MAY_EXEC | MAY_OPEN);
if (error)
goto exit;
- error = ima_path_check(&nd.path, MAY_READ | MAY_EXEC | MAY_OPEN);
+ error = ima_path_check(&nd.path, MAY_READ | MAY_EXEC | MAY_OPEN,
+ IMA_COUNT_UPDATE);
if (error)
goto exit;
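Review bot: With IMA_COUNT_UPDATE passed at this call, the integrity counts are requested before uselib has obtained a struct file, and the hunk does not show what drops them again if a later step fails. The rest of uselib lies outside the hunk, so this may already be balanced, but it is worth confirming, because an unmatched increment would presumably leave the counts off for every later integrity decision on that file. The same question applies to the open_exec hunk below and to the may_open hunk in fs/namei.c. If the contract is what it appears to be, a short comment at the call would document it, e.g. `/* counts taken here are dropped when the file is released */`.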
@@ -680,7 +681,7 @@ struct file *open_exec(const char *name)
err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC | MAY_OPEN);
if (err)
goto out_path_put;
- err = ima_path_check(&nd.path, MAY_EXEC | MAY_OPEN);
+ err = ima_path_check(&nd.path, MAY_EXEC | MAY_OPEN, IMA_COUNT_UPDATE);
if (err)
goto out_path_put;
diff --git a/fs/namei.c b/fs/namei.c
index 78f253cd2d4f..b05a2b1dea64 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -853,7 +853,8 @@ static int __link_path_walk(const char *name, struct nameidata *nd)
err = inode_permission(nd->path.dentry->d_inode,
MAY_EXEC);
if (!err)
- err = ima_path_check(&nd->path, MAY_EXEC);
+ err = ima_path_check(&nd->path, MAY_EXEC,
+ IMA_COUNT_UPDATE);
if (err)
break;
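Review bot: This call sits inside the per-component walk (note the `break`) and checks MAY_EXEC on what is normally a directory, yet it asks for IMA_COUNT_UPDATE just as the open paths do. Whether ima_path_check returns early for non-regular inodes before touching the counts is not visible in this fs-limited diff; if it does not, each lookup through a directory would bump counts with no matching release. Suggest confirming that and, if it holds, saying so at the call with `/* non-regular inodes: ima_path_check returns before counting */`, or otherwise passing the non-updating mode here. The loop body starts and ends outside the hunk.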
@@ -1515,7 +1516,8 @@ int may_open(struct path *path, int acc_mode, int flag)
return error;
error = ima_path_check(path,
- acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC));
+ acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC),
+ IMA_COUNT_UPDATE);
if (error)
return error;
/*