Defer writing 'security.ima' until after copying the file.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
src/xattrs.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/xattrs.c b/src/xattrs.c
index dac15f3..dab5901 100644
--- a/src/xattrs.c
+++ b/src/xattrs.c
@@ -646,9 +646,14 @@ xattrs_xattrs_set (struct tar_stat_info const *st,
should exist something like xattrs_capabilities_set() call.
For a regular files: all extended attributes are restored during
the first run except 'security.capability' which is restored in
- 'later_run == 1'. */
+ 'later_run == 1'.
+
+ Defer writing 'security.ima' until after copying the file.
+ */
if (typeflag == REGTYPE
- && later_run == !!strcmp (keyword, "security.capability"))
+ && later_run == !(!strcmp (keyword, "security.capability")
+ || !strcmp (keyword, "security.ima")))
+
continue;
if (xattrs_masked_out (keyword, false /* extracting */ ))
--
1.8.1.4
