diff options
| author |   Mimi Zohar <zohar@linux.vnet.ibm.com> | 2018-03-10 23:07:34 -0500 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2018-03-23 06:31:37 -0400 |
| commit | a9a4935d44b58c858a81393694bc232a96cdcbd4 (patch) | |
| tree | ee3c6a3bac3399f8d71e75538c554c5ac0807625 /security/integrity/ima/ima_policy.c | |
| parent | ima: re-evaluate files on privileged mounted filesystems (diff) | |
| download | linux-dev-a9a4935d44b58c858a81393694bc232a96cdcbd4.tar.xz linux-dev-a9a4935d44b58c858a81393694bc232a96cdcbd4.zip | |
ima: clear IMA_HASH
The IMA_APPRAISE and IMA_HASH policies overlap. Clear IMA_HASH properly.
Fixes: da1b0029f527 ("ima: support new "hash" and "dont_hash" policy actions")
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_policy.c')
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index e3da29af2c16..40557c06300f 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -389,7 +389,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, action |= entry->action & IMA_DO_MASK; if (entry->action & IMA_APPRAISE) { action |= get_subaction(entry, func); - action ^= IMA_HASH; + action &= ~IMA_HASH; } if (entry->action & IMA_DO_MASK) |