From: Dmitry Kasatkin <d.kasatkin@samsung.com>
Date: Fri, 27 Jun 2014 15:04:27 +0000 (+0300)
Subject: ima: provide flag to identify new empty files
X-Git-Tag: fixes-against-v3.18-rc2~106^2~12^2~13
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b151d6b00bbb798c58f2f21305e7d43fa763f34f;p=pandora-kernel.git

ima: provide flag to identify new empty files

On ima_file_free(), newly created empty files are not labeled with
an initial security.ima value, because the iversion did not change.
Commit dff6efc "fs: fix iversion handling" introduced a change in
iversion behavior.  To verify this change use the shell command:

  $ (exec >foo)
  $ getfattr -h -e hex -d -m security foo

This patch defines the IMA_NEW_FILE flag.  The flag is initially
set, when IMA detects that a new file is created, and subsequently
checked on the ima_file_free() hook to set the initial security.ima
value.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>  3.14+
---

Reading git-diff-tree failed