[PATCH 4/5] integrity: measure the file on sync

Janne Karhunen janne.karhunen at gmail.com
Mon May 13 12:53:53 UTC 2019


When user requests a file sync, make sure that the IMA
measurement reflects the state of the data being sync'd.

Depends on commit c8213962517e ("integrity: keep the integrity state of open files up to date")'

Signed-off-by: Janne Karhunen <janne.karhunen at gmail.com>
Signed-off-by: Konsta Karsisto <konsta.karsisto at gmail.com>
---
 fs/sync.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/sync.c b/fs/sync.c
index b54e0541ad89..90353f9ed931 100644
--- a/fs/sync.c
+++ b/fs/sync.c
@@ -16,6 +16,7 @@
 #include <linux/pagemap.h>
 #include <linux/quotaops.h>
 #include <linux/backing-dev.h>
+#include <linux/ima.h>
 #include "internal.h"
 
 #define VALID_FLAGS (SYNC_FILE_RANGE_WAIT_BEFORE|SYNC_FILE_RANGE_WRITE| \
@@ -194,6 +195,8 @@ int vfs_fsync_range(struct file *file, loff_t start, loff_t end, int datasync)
 		return -EINVAL;
 	if (!datasync && (inode->i_state & I_DIRTY_TIME))
 		mark_inode_dirty_sync(inode);
+	ima_file_update(file);
+
 	return file->f_op->fsync(file, start, end, datasync);
 }
 EXPORT_SYMBOL(vfs_fsync_range);
-- 
2.17.1



More information about the Linux-security-module-archive mailing list