Mimi Zohar 42c63330f2 ima: add ima_inode_setxattr/removexattr function and calls ... Based on xattr_permission comments, the restriction to modify 'security' xattr is left up to the underlying fs or lsm. Ensure that not just anyone can modify or remove 'security.ima'. Changelog v1: - Unless IMA-APPRAISE is configured, use stub ima_inode_removexattr()/setxattr() functions. (Moved ima_inode_removexattr()/setxattr() to ima_appraise.c) Changelog: - take i_mutex to fix locking (Dmitry Kasatkin) - ima_reset_appraise_flags should only be called when modifying or removing the 'security.ima' xattr. Requires CAP_SYS_ADMIN privilege. (Incorporated fix from Roberto Sassu) - Even if allowed to update security.ima, reset the appraisal flags, forcing re-appraisal. - Replace CAP_MAC_ADMIN with CAP_SYS_ADMIN - static inline ima_inode_setxattr()/ima_inode_removexattr() stubs - ima_protect_xattr should be static Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>		2012-09-07 14:57:47 -04:00
..
ima.h	ima: integrity appraisal extension	2012-09-07 14:57:44 -04:00
ima_api.c	ima: integrity appraisal extension	2012-09-07 14:57:44 -04:00
ima_appraise.c	ima: add ima_inode_setxattr/removexattr function and calls	2012-09-07 14:57:47 -04:00
ima_audit.c	ima: audit is compiled only when enabled	2012-07-05 16:43:59 -04:00
ima_crypto.c	ima: integrity appraisal extension	2012-09-07 14:57:44 -04:00
ima_fs.c	ima: remove unused cleanup functions	2012-07-02 16:43:30 -04:00
ima_init.c	ima: remove unused cleanup functions	2012-07-02 16:43:30 -04:00
ima_main.c	ima: allocating iint improvements	2012-09-07 14:57:45 -04:00
ima_policy.c	ima: add appraise action keywords and default rules	2012-09-07 14:57:45 -04:00
ima_queue.c	ima: fix invalid memory reference	2011-12-19 22:07:54 -05:00
Kconfig	ima: integrity appraisal extension	2012-09-07 14:57:44 -04:00
Makefile	ima: integrity appraisal extension	2012-09-07 14:57:44 -04:00