ima: prevent new digsig xattr from being replaced
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Tue, 18 Mar 2014 03:24:18 +0000 (23:24 -0400)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 12 Jun 2014 21:58:05 +0000 (17:58 -0400)
commit060bdebfb0b82751be89c0ce4b6e2c88606a354b
treeb3b8253420850eb54927da9f68e41d9ad074ac6f
parent0e04c641b199435f3779454055f6a7de258ecdfc
ima: prevent new digsig xattr from being replaced

Even though a new xattr will only be appraised on the next access,
set the DIGSIG flag to prevent a signature from being replaced with
a hash on file close.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
security/integrity/ima/ima_appraise.c