summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2011-03-16 22:48:43 -0400
committerMimi Zohar <zohar@linux.vnet.ibm.com>2012-09-07 14:57:27 -0400
commit4199d35cbc90c15db447d115bd96ffa5f1d60d3a (patch)
treef012b30b0b2269eef36261ac5b7a918cd91f95b8
parent2ab51f3721f7abdf92d89cb79d3d6c0062ddc14b (diff)
downloadlinux-3.10-4199d35cbc90c15db447d115bd96ffa5f1d60d3a.tar.gz
linux-3.10-4199d35cbc90c15db447d115bd96ffa5f1d60d3a.tar.bz2
linux-3.10-4199d35cbc90c15db447d115bd96ffa5f1d60d3a.zip
vfs: move ima_file_free before releasing the file
ima_file_free(), called on __fput(), currently flags files that have changed, so that the file is re-measured. For appraising a files's integrity, the file's hash must be re-calculated and stored in the 'security.ima' xattr to reflect any changes. This patch moves the ima_file_free() call to before releasing the file in preparation of ima-appraisal measuring the file and updating the 'security.ima' xattr. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
-rw-r--r--fs/file_table.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/file_table.c b/fs/file_table.c
index 701985e4ccd..a41f23f90b1 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -243,10 +243,10 @@ static void __fput(struct file *file)
if (file->f_op && file->f_op->fasync)
file->f_op->fasync(-1, file, 0);
}
+ ima_file_free(file);
if (file->f_op && file->f_op->release)
file->f_op->release(inode, file);
security_file_free(file);
- ima_file_free(file);
if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL &&
!(file->f_mode & FMODE_PATH))) {
cdev_put(inode->i_cdev);