From mboxrd@z Thu Jan 1 00:00:00 1970
From: Dmitry Kasatkin
Subject: [PATCH v1 0/3] fixes for missing security.ima on new empty files
Date: Fri, 11 Jul 2014 14:46:58 +0300
Message-ID:
Cc: linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk,
 linux-fsdevel@vger.kernel.org, dmitry.kasatkin@gmail.com,
 Dmitry Kasatkin
To: zohar@linux.vnet.ibm.com, linux-ima-devel@lists.sourceforge.net,
 linux-security-module@vger.kernel.org
Return-path:
Received: from mailout3.w1.samsung.com ([210.118.77.13]:38230
 "EHLO mailout3.w1.samsung.com" rhost-flags-OK-OK-OK-OK)
 by vger.kernel.org with ESMTP id S1751404AbaGKLs1 (ORCPT );
 Fri, 11 Jul 2014 07:48:27 -0400
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

Hi,

This patchset fixes the problem of missing security.ima on new empty files.
Detailed descriptions of the problems are in the following patch descriptions.

The first two patches fix the problem. The third patch makes use of the
FILE_CREATED flag from VFS, which was not available at the time IMA appraisal
came to the kernel.

- Dmitry

Dmitry Kasatkin (3):
  ima: provide flag to identify new empty files
  evm: skip integrity verification for newly created files
  ima: pass 'opened' flag to identify newly created files

 fs/namei.c                            |  2 +-
 fs/nfsd/vfs.c                         |  2 +-
 include/linux/ima.h                   |  4 ++--
 security/integrity/evm/evm_main.c     |  6 +++++-
 security/integrity/ima/ima.h          |  4 ++--
 security/integrity/ima/ima_appraise.c |  9 ++++++---
 security/integrity/ima/ima_main.c     | 26 ++++++++++++++------------
 security/integrity/integrity.h        |  1 +
 8 files changed, 32 insertions(+), 22 deletions(-)

--
1.9.1