From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91056C07E99 for ; Mon, 12 Jul 2021 08:19:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7B58460FDB for ; Mon, 12 Jul 2021 08:19:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347786AbhGLIWS (ORCPT ); Mon, 12 Jul 2021 04:22:18 -0400 Received: from mail.kernel.org ([198.145.29.99]:43060 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346331AbhGLHjd (ORCPT ); Mon, 12 Jul 2021 03:39:33 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 22193610D1; Mon, 12 Jul 2021 07:34:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1626075268; bh=LX8MytkC20dE/E1lNwDIxGB7QpmzBK0Wy9YYqWHXUwo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gtozNg+WGQGh1kWh5xocWpiFXmb3KorSlXI2mvf2HLqZvWNLqK2t/OJsGDcTMC00J y/uII4laO0VB4ZCn8RU8PlnYYRzcRIL/6fVYufRhRCsAlXgnLIBcUbkxwggZ+RLEU2 LV7ALs+nNQZJbvvZ5544dZHSPBhghVBNdb77Nx0o= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Roberto Sassu , Mimi Zohar , Sasha Levin Subject: [PATCH 5.13 163/800] ima: Dont remove security.ima if file must not be appraised Date: Mon, 12 Jul 2021 08:03:06 +0200 Message-Id: <20210712060935.924793830@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210712060912.995381202@linuxfoundation.org> References: <20210712060912.995381202@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Roberto Sassu [ Upstream commit ed1b472fc15aeaa20ddeeb93fd25190014e50d17 ] Files might come from a remote source and might have xattrs, including security.ima. It should not be IMA task to decide whether security.ima should be kept or not. This patch removes the removexattr() system call in ima_inode_post_setattr(). Signed-off-by: Roberto Sassu Signed-off-by: Mimi Zohar Signed-off-by: Sasha Levin --- security/integrity/ima/ima_appraise.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 4e5eb0236278..55dac618f2a1 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -522,8 +522,6 @@ void ima_inode_post_setattr(struct user_namespace *mnt_userns, return; action = ima_must_appraise(mnt_userns, inode, MAY_ACCESS, POST_SETATTR); - if (!action) - __vfs_removexattr(&init_user_ns, dentry, XATTR_NAME_IMA); iint = integrity_iint_find(inode); if (iint) { set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags); -- 2.30.2