hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IBCIAZ
--------------------------------
The definition of IMA_FIX_OVERLAYFS_DETECTION is wrong with the bool field has no content, and the use of it in ima_main.c is wrong with the missing prefix CONFIG_, so correct them.
Fixes: a670a0ede1e7 ("IMA: Introduce a config for fix on IMA with Overlayfs issue") Signed-off-by: Xiang Yang xiangyang3@huawei.com --- security/integrity/ima/Kconfig | 2 +- security/integrity/ima/ima_main.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 9e254c5cb117..09f5d88d60e7 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -370,7 +370,7 @@ config IMA_PARSER_BINARY_PATH This option defines the path of the parser binary.
config IMA_FIX_OVERLAYFS_DETECTION - bool + bool "Fix for overlayfs backing inode change detection" default y help This option enables the fix for overlayfs backing inode change diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index ac5f82b2dd58..c211a2c5f297 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -267,7 +267,7 @@ static int process_measurement(struct file *file, const struct cred *cred, u32 secid, char *buf, loff_t size, int mask, enum ima_hooks func) { -#ifdef IMA_FIX_OVERLAYFS_DETECTION +#ifdef CONFIG_IMA_FIX_OVERLAYFS_DETECTION struct inode *backing_inode, *inode = file_inode(file); #else struct inode *inode = file_inode(file); @@ -348,7 +348,7 @@ static int process_measurement(struct file *file, const struct cred *cred, iint->measured_pcrs = 0; }
-#ifdef IMA_FIX_OVERLAYFS_DETECTION +#ifdef CONFIG_IMA_FIX_OVERLAYFS_DETECTION /* Detect and re-evaluate changes made to the backing file. */ backing_inode = d_real_inode(file_dentry(file)); if (backing_inode != inode &&