Roberto Sassu 0f2206e3d9 ima: Don't modify file descriptor mode on the fly ... commit 207cdd565d upstream. Commit a408e4a86b ("ima: open a new file instance if no read permissions") already introduced a second open to measure a file when the original file descriptor does not allow it. However, it didn't remove the existing method of changing the mode of the original file descriptor, which is still necessary if the current process does not have enough privileges to open a new one. Changing the mode isn't really an option, as the filesystem might need to do preliminary steps to make the read possible. Thus, this patch removes the code and keeps the second open as the only option to measure a file when it is unreadable with the original file descriptor. Cc: <stable@vger.kernel.org> # 4.20.x: 0014cc04e8 ima: Set file->f_mode Fixes: 2fe5d6def1 ("ima: integrity appraisal extension") Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2020-12-30 11:54:17 +01:00
..
evm	evm: Check size of security.evm before using it	2020-09-15 13:47:42 -04:00
ima	ima: Don't modify file descriptor mode on the fly	2020-12-30 11:54:17 +01:00
platform_certs	integrity: Load certs from the EFI MOK config table	2020-09-16 18:53:42 +03:00
digsig.c	fs/kernel_file_read: Add "offset" arg for partial reads	2020-10-05 13:37:04 +02:00
digsig_asymmetric.c	integrity-v5.10	2020-10-15 15:58:18 -07:00
iint.c	integrity/ima: switch to using __kernel_read	2020-07-08 08:27:57 +02:00
integrity.h	integrity: Add errno field in audit message	2020-07-16 21:48:11 -04:00
integrity_audit.c	integrity: Use current_uid() in integrity_audit_message()	2020-08-31 17:46:50 -04:00
Kconfig	powerpc: Load firmware trusted keys/hashes into kernel keyring	2019-11-13 00:33:23 +11:00
Makefile	powerpc: Load firmware trusted keys/hashes into kernel keyring	2019-11-13 00:33:23 +11:00