On 15-10-19 18:28:22, Mimi Zohar wrote:
> On Mon, 2015-10-19 at 14:21 -0400, Mimi Zohar wrote:
> > On Fri, 2015-10-16 at 22:31 +0300, Petko Manolov wrote:
> 
> > > diff --git a/security/integrity/ima/ima_fs.c 
> > > b/security/integrity/ima/ima_fs.c
> > > index 816d175..a3cf5c0 100644
> > > --- a/security/integrity/ima/ima_fs.c
> > > +++ b/security/integrity/ima/ima_fs.c
> > > @@ -25,6 +25,8 @@
> > > 
> > >  #include "ima.h"
> > > 
> > > +static DEFINE_MUTEX(ima_write_mutex);
> > > +
> > >  static int valid_policy = 1;
> > >  #define TMPBUFLEN 12
> > >  static ssize_t ima_show_htable_value(char __user *buf, size_t count,
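
Review bot: ima_write_mutex is declared at the top of ima_fs.c without a comment saying what it protects. A one-line comment above the DEFINE_MUTEX stating that it serialises writers in ima_write_policy() would make the locking rule clear to later readers. The visible context shows only #include "ima.h", so if <linux/mutex.h> is not already included in this file it should be added directly rather than relied on through another header.
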
> > > @@ -261,6 +263,11 @@ static ssize_t ima_write_policy(struct file *file, 
> > > const char __user *buf,
> > >  {
> > >   char *data = NULL;
> > >   ssize_t result;
> > > + int res;
> > > +
> > > + res = mutex_lock_interruptible(&ima_write_mutex);
> > > + if (res)
> > > +         return res;
> > > 
> > >   if (datalen >= PAGE_SIZE)
> > >           datalen = PAGE_SIZE - 1;
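
Review bot: the new "int res" at the top of ima_write_policy() is redundant, since the function already has "ssize_t result" for its return value. The lock call can use it directly: "result = mutex_lock_interruptible(&ima_write_mutex);" followed by "if (result) return result;". This drops a local and keeps a single return variable in the function.
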
> > > @@ -286,6 +293,8 @@ out:
> > >   if (result < 0)
> > >           valid_policy = 0;
> > >   kfree(data);
> > > + mutex_unlock(&ima_write_mutex);
> > > +
> > >   return result;
> > >  }
> > > 
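
Review bot: mutex_unlock() is added only at the out: label, so every exit from ima_write_policy() taken after the lock is acquired has to pass through out:. The hunks shown do not include the lines between the datalen clamp and out:, so please confirm there is no direct return in that range; any such return would leave ima_write_mutex held and block all later policy writes.
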
> > > @@ -337,8 +346,12 @@ static int ima_release_policy(struct inode *inode, 
> > > struct file *file)
> > >           return 0;
> > >   }
> > >   ima_update_policy();
> > > +#ifndef  CONFIG_IMA_WRITE_POLICY
> > >   securityfs_remove(ima_policy);
> > >   ima_policy = NULL;
> > > +#else
> > > + clear_bit(IMA_FS_BUSY, &ima_fs_flags);
> > > +#endif
> > >   return 0;
> > >  }
> > > 
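
Review bot: in ima_release_policy() the clear_bit(IMA_FS_BUSY, &ima_fs_flags) is reached only after ima_update_policy(), while the early "return 0;" shown at the top of this hunk exits before it. With CONFIG_IMA_WRITE_POLICY set, that path leaves IMA_FS_BUSY set. Clear the bit before the early return as well, or route both paths through a common exit. Minor style point: "#ifndef  CONFIG_IMA_WRITE_POLICY" has a double space.
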
> 
> The IMA_FS_BUSY flag needs to be cleared, like here, above for
> !valid_policy.

Good catch.  Fixed.


                Petko