[prev in list] [next in list] [prev in thread] [next in thread] 

List:       rpmorg-maint
Subject:    [Rpm-maint] [PATCH v2 2/4] ima-plugin: Only run the IMA plugin on package installation
From:       stefanb () linux ! vnet ! ibm ! com (Stefan Berger)
Date:       2016-09-22 17:30:56
Message-ID: 1474565458-27881-3-git-send-email-stefanb () linux ! vnet ! ibm ! com
[Download RAW message or body]

We want to prevent that the IMA plugin applies signatures of the older
version of files. So we have to check whether we are in the install
(TR_ADDED) or remove (TR_REMOVED) cycle of a package. We only apply
signatures in the install cycle.

Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
 plugins/ima.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugins/ima.c b/plugins/ima.c
index 81ed194..4a419b0 100644
--- a/plugins/ima.c
+++ b/plugins/ima.c
@@ -44,6 +44,9 @@ static rpmRC ima_psm_post(rpmPlugin plugin, rpmte te, int res)
 	int rc = 0, n;
 	struct stat statbuf;
 
+	if (rpmteType(te) != TR_ADDED)
+	    return 0;
+
 	if (fi == NULL) {
 	    rc = RPMERR_BAD_MAGIC;
 	    goto exit;
-- 
2.5.5


[prev in list] [next in list] [prev in thread] [next in thread]