List: rpmorg-maint
Subject: [Rpm-maint] [PATCH v2 2/4] ima-plugin: Only run the IMA plugin on package installation
From: stefanb () linux ! vnet ! ibm ! com (Stefan Berger)
Date: 2016-09-22 17:30:56
Message-ID: 1474565458-27881-3-git-send-email-stefanb () linux ! vnet ! ibm ! com
We want to prevent the IMA plugin from applying signatures of the older
version of files. So we have to check whether we are in the install
(TR_ADDED) or remove (TR_REMOVED) cycle of a package. We only apply
signatures in the install cycle.
Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
plugins/ima.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/plugins/ima.c b/plugins/ima.c
index 81ed194..4a419b0 100644
--- a/plugins/ima.c
+++ b/plugins/ima.c
@@ -44,6 +44,9 @@ static rpmRC ima_psm_post(rpmPlugin plugin, rpmte te, int res)
int rc = 0, n;
struct stat statbuf;
+ if (rpmteType(te) != TR_ADDED)
+ return 0;
+
if (fi == NULL) {
rc = RPMERR_BAD_MAGIC;
goto exit;
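Review bot: The new early exit `return 0;` skips the `exit:` label that the `fi == NULL` path just below it jumps to. If `fi` is obtained in the declarations above this hunk, which the NULL check suggests, then returning here for TR_REMOVED elements bypasses whatever release happens at `exit:`. Either use `goto exit` with `rc` left at 0, or place the `rpmteType(te) != TR_ADDED` test before `fi` is acquired. Since the function is declared to return `rpmRC`, `return RPMRC_OK;` would also read more clearly than a bare 0. A one-line comment above the check saying that signatures must not be applied during the remove cycle, as the commit message explains, would help later readers.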
--
2.5.5