[PATCH v8 16/19] ima: Enable re-auditing of modified files

Stefan Berger stefanb at linux.vnet.ibm.com
Tue Jan 4 17:04:13 UTC 2022


From: Stefan Berger <stefanb at linux.ibm.com>

Walk the list of ns_status associated with an iint if the file has
changed and reset the IMA_AUDITED flag, which is part of the
IMA_DONE_MASK. This causes a new audit message to be emitted when the
file is again accessed on either the host or in an IMA namespace.

Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
---
 security/integrity/ima/ima_main.c | 33 ++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 99dc984b49c9..bc3ab08f39c6 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -153,6 +153,35 @@ static void ima_rdwr_violation_check(struct ima_namespace *ns,
 				  "invalid_pcr", "open_writers");
 }
 
+#ifdef CONFIG_IMA_NS
+
+static void mask_iint_ns_status_flags(struct integrity_iint_cache *iint,
+				      unsigned long mask)
+{
+	struct ns_status *status;
+	unsigned long flags;
+
+	read_lock(&iint->ns_list_lock);
+	list_for_each_entry(status, &iint->ns_list, ns_next) {
+		flags = iint_flags(iint, status) & mask;
+		set_iint_flags(iint, status, flags);
+	}
+	read_unlock(&iint->ns_list_lock);
+}
+
+#else
+
+static void mask_iint_ns_status_flags(struct integrity_iint_cache *iint,
+				      unsigned long mask)
+{
+	unsigned long flags;
+
+	flags = iint_flags(iint, NULL) & mask;
+	set_iint_flags(iint, NULL, flags);
+}
+
+#endif
+
 static void ima_check_last_writer(struct integrity_iint_cache *iint,
 				  struct inode *inode, struct file *file)
 {
@@ -169,8 +198,10 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint,
 		if (!IS_I_VERSION(inode) ||
 		    !inode_eq_iversion(inode, iint->version) ||
 		    (iint->flags & IMA_NEW_FILE)) {
-			iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE);
+			mask_iint_ns_status_flags(iint,
+					~(IMA_DONE_MASK | IMA_NEW_FILE));
 			iint->measured_pcrs = 0;
+
 			if (update)
 				ima_update_xattr(iint, file);
 		}
-- 
2.31.1



More information about the Linux-security-module-archive mailing list