From 9353384ec8128cb443463016bbabb44ca857ff52 Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Fri, 4 Dec 2009 15:47:52 -0500
Subject: ima: only insert at inode creation time

iints are supposed to be allocated when an inode is allocated (during security_inode_alloc()) But we have code which will attempt to allocate an iint during measurement calls. If we couldn't allocate the iint and we cared, we should have died during security_inode_alloc(). Not make the code more complex and less efficient.
Signed-off-by: Eric Paris
Signed-off-by: Al Viro
---
 security/integrity/ima/ima.h | 1 -
 1 file changed, 1 deletion(-) (limited to 'security/integrity/ima/ima.h')
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 165eb5397ea5..349aabc83297 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -128,7 +128,6 @@ void ima_template_show(struct seq_file *m, void *e,
  */
 struct ima_iint_cache *ima_iint_insert(struct inode *inode);
 struct ima_iint_cache *ima_iint_find_get(struct inode *inode);
-struct ima_iint_cache *ima_iint_find_insert_get(struct inode *inode);
 void ima_iint_delete(struct inode *inode);
 void iint_free(struct kref *kref);
 void iint_rcu_free(struct rcu_head *rcu);
-- 
cgit v1.2.3
From e0d5bd2aec4e69e720ee86958503923cafb45be5 Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Fri, 4 Dec 2009 15:48:00 -0500
Subject: IMA: clean up the IMA counts updating code

We currently have a lot of duplicated code around ima file counts. Clean that all up.
Signed-off-by: Eric Paris
Acked-by: Serge Hallyn
Signed-off-by: Al Viro
---
 security/integrity/ima/ima.h | 1 -
 1 file changed, 1 deletion(-) (limited to 'security/integrity/ima/ima.h')
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 349aabc83297..268ef57b9142 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -97,7 +97,6 @@ static inline unsigned long ima_hash_key(u8 *digest)
 /* iint cache flags */
 #define IMA_MEASURED 1
-#define IMA_IINT_DUMP_STACK 512
 /* integrity data associated with an inode */
 struct ima_iint_cache {
-- 
cgit v1.2.3
From 85a17f552dfe77efb44b971615e4f221a5f28f37 Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Fri, 4 Dec 2009 15:48:08 -0500
Subject: ima: call ima_inode_free ima_inode_free

ima_inode_free() has some funky #define just to confuse the crap out of me. void ima_iint_delete(struct inode *inode) and then things actually call ima_inode_free() and nothing calls ima_iint_delete().
Signed-off-by: Eric Paris
Signed-off-by: Al Viro
---
 security/integrity/ima/ima.h | 1 -
 1 file changed, 1 deletion(-) (limited to 'security/integrity/ima/ima.h')
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 268ef57b9142..c41afe6639a0 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -127,7 +127,6 @@ void ima_template_show(struct seq_file *m, void *e,
  */
 struct ima_iint_cache *ima_iint_insert(struct inode *inode);
 struct ima_iint_cache *ima_iint_find_get(struct inode *inode);
-void ima_iint_delete(struct inode *inode);
 void iint_free(struct kref *kref);
 void iint_rcu_free(struct rcu_head *rcu);
-- 
cgit v1.2.3