Do not call 'ima_path_check()' for each path component
Not only is that a supremely timing-critical path, but it's hopefully some day going to be lockless for the common case, and ima can't do that. Plus the integrity code doesn't even care about non-regular files, so it was always a total waste of time and effort. Acked-by: Serge Hallyn <serue@us.ibm.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
7c8460db30
commit
e8e66ed25b
1 changed files with 0 additions and 3 deletions
|
@ -856,9 +856,6 @@ static int __link_path_walk(const char *name, struct nameidata *nd)
|
|||
if (err == -EAGAIN)
|
||||
err = inode_permission(nd->path.dentry->d_inode,
|
||||
MAY_EXEC);
|
||||
if (!err)
|
||||
err = ima_path_check(&nd->path, MAY_EXEC,
|
||||
IMA_COUNT_UPDATE);
|
||||
if (err)
|
||||
break;
|
||||
|
||||
|
|
Loading…
Reference in a new issue