diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-03-16 22:48:43 -0400 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2012-09-07 14:57:27 -0400 |
commit | 4199d35cbc90c15db447d115bd96ffa5f1d60d3a (patch) | |
tree | f012b30b0b2269eef36261ac5b7a918cd91f95b8 | |
parent | 2ab51f3721f7abdf92d89cb79d3d6c0062ddc14b (diff) | |
download | linux-3.10-4199d35cbc90c15db447d115bd96ffa5f1d60d3a.tar.gz linux-3.10-4199d35cbc90c15db447d115bd96ffa5f1d60d3a.tar.bz2 linux-3.10-4199d35cbc90c15db447d115bd96ffa5f1d60d3a.zip |
vfs: move ima_file_free before releasing the file
ima_file_free(), called on __fput(), currently flags files that have
changed, so that the file is re-measured. For appraising a files's
integrity, the file's hash must be re-calculated and stored in the
'security.ima' xattr to reflect any changes.
This patch moves the ima_file_free() call to before releasing the file
in preparation of ima-appraisal measuring the file and updating the
'security.ima' xattr.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
-rw-r--r-- | fs/file_table.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/file_table.c b/fs/file_table.c index 701985e4ccd..a41f23f90b1 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -243,10 +243,10 @@ static void __fput(struct file *file) if (file->f_op && file->f_op->fasync) file->f_op->fasync(-1, file, 0); } + ima_file_free(file); if (file->f_op && file->f_op->release) file->f_op->release(inode, file); security_file_free(file); - ima_file_free(file); if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL && !(file->f_mode & FMODE_PATH))) { cdev_put(inode->i_cdev); |