Kernel bump from 4.1.3-rt to 4.1.7-rt.

[kvmfornfv.git] / kernel / security / integrity / evm / evm_main.c

diff --git a/kernel/security/integrity/evm/evm_main.c b/kernel/security/integrity/evm/evm_main.c
index 10f9943..5820914 100644 (file)
--- a/kernel/security/integrity/evm/evm_main.c
+++ b/kernel/security/integrity/evm/evm_main.c
@@ -296,6 +296,17 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name,
                iint = integrity_iint_find(d_backing_inode(dentry));
                if (iint && (iint->flags & IMA_NEW_FILE))
                        return 0;
+
+               /* exception for pseudo filesystems */
+               if (dentry->d_inode->i_sb->s_magic == TMPFS_MAGIC
+                   || dentry->d_inode->i_sb->s_magic == SYSFS_MAGIC)
+                       return 0;
+
+               integrity_audit_msg(AUDIT_INTEGRITY_METADATA,
+                                   dentry->d_inode, dentry->d_name.name,
+                                   "update_metadata",
+                                   integrity_status_msg[evm_status],
+                                   -EPERM, 0);
        }
 out:
        if (evm_status != INTEGRITY_PASS)