All of lore.kernel.org
 help / color / mirror / Atom feed
From: hooanon05@yahoo.co.jp
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: linux-kernel@vger.kernel.org, James Morris <jmorris@namei.org>,
	David Safford <safford@watson.ibm.com>,
	Mimi Zohar <zohar@us.ibm.com>
Subject: Re: [PATCH] integrity: add ima_counts_put (updated)
Date: Wed, 29 Jul 2009 14:12:17 +0900	[thread overview]
Message-ID: <8045.1248844337@jrobl> (raw)
In-Reply-To: <1246039527.4809.18.camel@dyn9002018117.watson.ibm.com>


Mimi Zohar:
> This patch fixes an imbalance message as reported by J.R. Okajima.
> The IMA file counters are incremented in ima_path_check. If the
> actual open fails, such as ETXTBSY, decrement the counters to
> prevent unnecessary imbalance messages.

Unfortunately IMA seems to be still buggy.
may_open() calls ima_path_check() with IMA_COUNT_UPDATE, but may_open()
may fail later with several reasons such like, open-flag mismatch with
inode-flag, capability, the file was executing and get_write_access()
failed, etc.
In these cases, IMA has to maintain its counters too by calling
ima_counts_put() or something, does it?


J. R. Okajima

      parent reply	other threads:[~2009-07-29  5:13 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-06-26 15:24 [PATCH] integrity: add ima_counts_put Mimi Zohar
2009-06-26 18:05 ` [PATCH] integrity: add ima_counts_put (updated) Mimi Zohar
2009-06-28 22:50   ` James Morris
2009-06-29 11:08     ` Mimi Zohar
2009-06-29 14:12   ` hooanon05
2009-06-29 14:46     ` Mimi Zohar
2009-06-29 20:36       ` hooanon05
2009-06-29 22:04         ` Mimi Zohar
2009-07-03  4:02           ` hooanon05
2009-07-03 18:37             ` Mimi Zohar
2009-07-29  5:12   ` hooanon05 [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8045.1248844337@jrobl \
    --to=hooanon05@yahoo.co.jp \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=safford@watson.ibm.com \
    --cc=zohar@linux.vnet.ibm.com \
    --cc=zohar@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.