-
Mimi Zohar authored
Changing file metadata (eg. uid, guid) could result in having to re-appraise a file's integrity, but does not change the "new file" status nor the security.ima xattr. The IMA_PERMIT_DIRECTIO and IMA_DIGSIG_REQUIRED flags are policy rule specific. This patch only resets these flags, not the IMA_NEW_FILE or IMA_DIGSIG flags. With this patch, changing the file timestamp will not remove the file signature on new files. Reported-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Tested-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
42a4c603