diff options
author | Roberto Sassu <roberto.sassu@huawei.com> | 2024-02-15 11:31:03 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2024-02-15 23:43:44 -0500 |
commit | a7811e34d100acf24870eb949c5ae3e49dde18b9 (patch) | |
tree | fa9839a50b4601873ea5bb9fdb357202c3793894 /fs/namei.c | |
parent | 08abce60d63fb55f440c393f4508e99064f2fd91 (diff) | |
download | lwn-a7811e34d100acf24870eb949c5ae3e49dde18b9.tar.gz lwn-a7811e34d100acf24870eb949c5ae3e49dde18b9.zip |
security: Introduce inode_post_create_tmpfile hook
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_create_tmpfile hook.
As temp files can be made persistent, treat new temp files like other new
files, so that the file hash is calculated and stored in the security
xattr.
LSMs could also take some action after temp files have been created.
The new hook cannot return an error and cannot cause the operation to be
canceled.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Christian Brauner <brauner@kernel.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'fs/namei.c')
-rw-r--r-- | fs/namei.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/namei.c b/fs/namei.c index 9280aa5d60a7..c7ac7fdf0f25 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3705,6 +3705,7 @@ static int vfs_tmpfile(struct mnt_idmap *idmap, inode->i_state |= I_LINKABLE; spin_unlock(&inode->i_lock); } + security_inode_post_create_tmpfile(idmap, inode); ima_post_create_tmpfile(idmap, inode); return 0; } |