mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-03 07:38:10 +00:00
ima: Reflect correct permissions for policy
Kernel configured as CONFIG_IMA_READ_POLICY=y && CONFIG_IMA_WRITE_POLICY=n keeps 0600 mode after loading policy. Remove write permission to state that policy file no longer be written. Signed-off-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
parent
890e2abe10
commit
ffb122de9a
1 changed files with 2 additions and 0 deletions
|
@ -434,6 +434,8 @@ static int ima_release_policy(struct inode *inode, struct file *file)
|
|||
ima_policy = NULL;
|
||||
#elif defined(CONFIG_IMA_WRITE_POLICY)
|
||||
clear_bit(IMA_FS_BUSY, &ima_fs_flags);
|
||||
#elif defined(CONFIG_IMA_READ_POLICY)
|
||||
inode->i_mode &= ~S_IWUSR;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue