[Rpm-maint] [PATCH 2/3] ima-plugin: Only run the IMA plugin on package installation

Stefan Berger Wed, 21 Sep 2016 11:05:11 -0700

We want to prevent that the IMA plugin applies signatures of the older
version of files. So we have to check whether we are in the install
(TR_ADDED) or remove (TR_REMOVED) cycle of a package. We only apply
signatures in the install cycle.


Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
 plugins/ima.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugins/ima.c b/plugins/ima.c
index 81ed194..4a419b0 100644
--- a/plugins/ima.c
+++ b/plugins/ima.c
@@ -44,6 +44,9 @@ static rpmRC ima_psm_post(rpmPlugin plugin, rpmte te, int res)
        int rc = 0, n;
        struct stat statbuf;
 
+       if (rpmteType(te) != TR_ADDED)
+           return 0;
+
        if (fi == NULL) {
            rc = RPMERR_BAD_MAGIC;
            goto exit;
-- 
2.5.5

_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

[Rpm-maint] [PATCH 2/3] ima-plugin: Only run the IMA plugin on package installation

Reply via email to