From 33ff9595e5f1e1b4a2d4d035ea05ebe69a2731a4 Mon Sep 17 00:00:00 2001
From: Dmitry Kasatkin
Date: Thu, 16 Jan 2014 16:39:57 +0200
Subject: [PATCH] Use lsetxattr() instead of setxattr()

IMA/EVM extended attributes should be set for symbolic links themselves, not to the entries pointed by them. setxattr() dereference symbolic links. It is necessary to use lsetxattr().

Signed-off-by: Dmitry Kasatkin
---
 src/evmctl.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/evmctl.c b/src/evmctl.c
index ebbbff0..12df66b 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -841,7 +841,7 @@ static int sign_evm(const char *file, const char *key)
 return len;
 if (xattr) {
- err = setxattr(file, "security.evm", sig, len + 1, 0);
+ err = lsetxattr(file, "security.evm", sig, len + 1, 0);
 if (err < 0) {
 log_err("setxattr failed: %s\n", file);
 return err;
@@ -1024,7 +1024,7 @@ static int hash_ima(const char *file)
 dump(hash, len + 1);
 if (xattr) {
- err = setxattr(file, "security.ima", hash, len + 1, 0);
+ err = lsetxattr(file, "security.ima", hash, len + 1, 0);
 if (err < 0) {
 log_err("setxattr failed: %s\n", file);
 return err;
@@ -1079,7 +1079,7 @@ static int sign_ima(const char *file, const char *key)
 bin2file(file, "sig", sig, len);
 if (xattr) {
- err = setxattr(file, "security.ima", sig, len, 0);
+ err = lsetxattr(file, "security.ima", sig, len, 0);
 if (err < 0) {
 log_err("setxattr failed: %s\n", file);
 return err;
@@ -1543,7 +1543,7 @@ static int hmac_evm(const char *file, const char *key)
 memcpy(sig + 1, hash, len);
 if (xattr) {
- err = setxattr(file, "security.evm", sig, len + 1, 0);
+ err = lsetxattr(file, "security.evm", sig, len + 1, 0);
 if (err < 0) {
 log_err("setxattr failed: %s\n", file);
 return err;
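Review bot: In sign_evm the failure message still reads `setxattr failed` after the call became lsetxattr(), and it does not include errno, so a refused write on a link cannot be told apart from a permission or unsupported-filesystem error when labelling a tree. Consider `log_err("lsetxattr failed: %s: %s\n", file, strerror(errno));`, provided errno.h and string.h are already included by evmctl.c, which this patch does not show. The same line appears unchanged in the hash_ima, sign_ima and hmac_evm hunks. All four function bodies begin and end outside their hunks.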
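Review bot: The value written to `security.ima` in hash_ima is computed earlier in the function, outside this hunk; if that code opens or stats `file` with calls that follow symbolic links, the link would now be labelled with a hash of its target rather than of itself. It is worth confirming that the hashing path uses lstat()/readlink() for links, and likewise that the attribute reads feeding sign_evm and hmac_evm use lgetxattr()/llistxattr() rather than the dereferencing variants. A short comment above the call, such as `/* label the link itself; the hash above must not follow symlinks */`, would record the invariant. sign_ima has the same dependency.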