[PATCH 4/5] integrity: measure the file on sync
Janne Karhunen
janne.karhunen at gmail.com
Mon May 13 12:53:53 UTC 2019
When user requests a file sync, make sure that the IMA
measurement reflects the state of the data being sync'd.
Depends on commit c8213962517e ("integrity: keep the integrity state of open files up to date")'
Signed-off-by: Janne Karhunen <janne.karhunen at gmail.com>
Signed-off-by: Konsta Karsisto <konsta.karsisto at gmail.com>
---
fs/sync.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/sync.c b/fs/sync.c
index b54e0541ad89..90353f9ed931 100644
--- a/fs/sync.c
+++ b/fs/sync.c
@@ -16,6 +16,7 @@
#include <linux/pagemap.h>
#include <linux/quotaops.h>
#include <linux/backing-dev.h>
+#include <linux/ima.h>
#include "internal.h"
#define VALID_FLAGS (SYNC_FILE_RANGE_WAIT_BEFORE|SYNC_FILE_RANGE_WRITE| \
@@ -194,6 +195,8 @@ int vfs_fsync_range(struct file *file, loff_t start, loff_t end, int datasync)
return -EINVAL;
if (!datasync && (inode->i_state & I_DIRTY_TIME))
mark_inode_dirty_sync(inode);
+ ima_file_update(file);
+
return file->f_op->fsync(file, start, end, datasync);
}
EXPORT_SYMBOL(vfs_fsync_range);
--
2.17.1
More information about the Linux-security-module-archive
mailing list