ima: limit the number of open-writers integrity violations
Each time a file in policy that is already opened for write is opened for read, an open-writers integrity violation audit message is emitted and a violation record is added to the IMA measurement list. This occurs even if an open-writers violation has already been recorded.

Limit the number of open-writers integrity violations for an existing file open for write to one. After the existing file open for write closes (__fput), subsequent open-writers integrity violations may be emitted.

Cc: stable@vger.kernel.org # applies cleanly up to linux-6.6
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Tested-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
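The behaviour the commit message describes, as an added user-space model that is not the kernel's IMA code: one inode is opened for write, then opened for read several times, the writer closes, and a fresh writer appears. The old policy records a violation on every read open while a writer exists; the new policy records at most one per lifetime of the existing write open and re-arms once the last writer closes. All names here (struct model_inode, emitted_openwriters, open_read_old, open_read_new, close_write) are illustrative assumptions, not IMA identifiers.

```c
/*
 * Added example, not kernel code: a user-space model of the IMA
 * open-writers violation bookkeeping described in the commit message.
 * Struct and function names are assumptions chosen for illustration.
 */
#include <stdbool.h>
#include <stdio.h>

struct model_inode {
	int writecount;            /* open-for-write references (models i_writecount) */
	bool emitted_openwriters;  /* assumed per-inode flag: violation already recorded */
	int violations;            /* open-writers violation records emitted so far */
};

/* Before the fix: every read open while a writer exists records a violation. */
static bool open_read_old(struct model_inode *ino)
{
	if (ino->writecount > 0) {
		ino->violations++;
		return true;
	}
	return false;
}

/* After the fix: at most one violation per lifetime of the existing write open. */
static bool open_read_new(struct model_inode *ino)
{
	if (ino->writecount > 0 && !ino->emitted_openwriters) {
		ino->emitted_openwriters = true;
		ino->violations++;
		return true;
	}
	return false;
}

static void open_write(struct model_inode *ino)
{
	ino->writecount++;
}

/* Models __fput of a writer: once the last writer closes, re-arm violations. */
static void close_write(struct model_inode *ino)
{
	if (ino->writecount > 0 && --ino->writecount == 0)
		ino->emitted_openwriters = false;
}

/* Run one scenario under the given read-open policy; return the violation count. */
static int run_scenario(bool (*open_read)(struct model_inode *))
{
	struct model_inode ino = { 0 };

	open_write(&ino);   /* file in policy opened for write */
	open_read(&ino);    /* violation: an open writer exists */
	open_read(&ino);    /* old: another violation; new: suppressed */
	open_read(&ino);    /* old: another violation; new: suppressed */
	close_write(&ino);  /* last writer closes (__fput) */
	open_read(&ino);    /* no writer: no violation under either policy */
	open_write(&ino);   /* a new writer appears */
	open_read(&ino);    /* violation may be emitted again under both policies */
	return ino.violations;
}

int main(void)
{
	printf("violations before fix: %d\n", run_scenario(open_read_old));
	printf("violations after fix:  %d\n", run_scenario(open_read_new));
	return 0;
}
```

The scenario yields four violation records under the old policy and two under the new one: the three reads against the first writer collapse into a single record, and the read against the second writer is recorded because the flag was cleared when the first writer closed.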