]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blobdiff - security/integrity/ima/ima_appraise.c
projects / mirror_ubuntu-bionic-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ima: relax requiring a file signature for new files with zero length
[mirror_ubuntu-bionic-kernel.git] / security / integrity / ima / ima_appraise.c
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 65fbcf3c32c735b9547a9f77b4a94bd7666d87fd..d32e6a1d931ae66ec562e16026fbdbf7552c37e1 100644 (file)
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -223,7 +223,8 @@ int ima_appraise_measurement(enum ima_hooks func,
                if (opened & FILE_CREATED)
                        iint->flags |= IMA_NEW_FILE;
                if ((iint->flags & IMA_NEW_FILE) &&
-                   !(iint->flags & IMA_DIGSIG_REQUIRED))
+                   (!(iint->flags & IMA_DIGSIG_REQUIRED) ||
+                    (inode->i_size == 0)))
                        status = INTEGRITY_PASS;
                goto out;
        }
ubuntu-bionic-kernel mirror