summaryrefslogtreecommitdiffstats
path: root/kernel/security/integrity/evm
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/security/integrity/evm')
-rw-r--r--kernel/security/integrity/evm/evm_main.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/kernel/security/integrity/evm/evm_main.c b/kernel/security/integrity/evm/evm_main.c
index 10f994307..582091498 100644
--- a/kernel/security/integrity/evm/evm_main.c
+++ b/kernel/security/integrity/evm/evm_main.c
@@ -296,6 +296,17 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name,
iint = integrity_iint_find(d_backing_inode(dentry));
if (iint && (iint->flags & IMA_NEW_FILE))
return 0;
+
+ /* exception for pseudo filesystems */
+ if (dentry->d_inode->i_sb->s_magic == TMPFS_MAGIC
+ || dentry->d_inode->i_sb->s_magic == SYSFS_MAGIC)
+ return 0;
+
+ integrity_audit_msg(AUDIT_INTEGRITY_METADATA,
+ dentry->d_inode, dentry->d_name.name,
+ "update_metadata",
+ integrity_status_msg[evm_status],
+ -EPERM, 0);
}
out:
if (evm_status != INTEGRITY_PASS)