On Wed, 2014-09-24 at 15:07 +0300, Dmitry Kasatkin wrote: > If filesystem is mounted read-only or file is immutable, updating > xattr will fail. This is a usual case during early boot until > filesystem is remount read-write. This patch verifies conditions > to skip unnecessary attempt to calculate HMAC and set xattr. > > Signed-off-by: Dmitry Kasatkin <[email protected]> > --- > security/integrity/evm/evm_main.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/security/integrity/evm/evm_main.c > b/security/integrity/evm/evm_main.c > index 9685af3..a30be77 100644 > --- a/security/integrity/evm/evm_main.c > +++ b/security/integrity/evm/evm_main.c > @@ -162,9 +162,14 @@ static enum integrity_status evm_verify_hmac(struct > dentry *dentry, > (const char *)xattr_data, xattr_len, > calc.digest, sizeof(calc.digest)); > if (!rc) { > - /* we probably want to replace rsa with hmac here */ > - evm_update_evmxattr(dentry, xattr_name, xattr_value, > - xattr_value_len); > + /* Replace RSA with HMAC if not mounted readonly and > + * not immutable > + */ > + if (!IS_RDONLY(dentry->d_inode) && > + !IS_IMMUTABLE(dentry->d_inode))
Previously patches conformed to Lindent, unless there was a valid reason not to use it, like conflicting with checkpatch.pl. Joe Perches submitted a patch to remove it from the Documentation/CodingStyle a while ago - https://lkml.org/lkml/2013/2/11/390 and recommends using "checkpatch.pl --fix" instead. Andrew, Greg, what is the current best practice? thanks, Mimi > + evm_update_evmxattr(dentry, xattr_name, > + xattr_value, > + xattr_value_len); > } > break; > default:
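Review bot: The new `if` inside the `if (!rc)` branch dereferences `dentry->d_inode` twice and has to wrap its condition; a local such as `struct inode *inode = dentry->d_inode;` would shorten the test to `if (!IS_RDONLY(inode) && !IS_IMMUTABLE(inode))` and leave less for the formatting tools to disagree about. The block comment starts its text on the `/*` line, where the usual kernel multi-line style puts `/*` on a line of its own. The comment would also be more useful if it said why the update is skipped (the xattr write would fail on a read-only or immutable inode), which at present only the commit message explains.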

