
Commit e9d393bf authored by Eric Paris, committed by James Morris

IMA: reject policies with unknown entries



Currently the ima policy load code will print what it doesn't understand
but really I think it should reject any policy it doesn't understand.  This
patch makes it so!

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
parent b9035b1f
+1 −0
@@ -398,6 +398,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
						   AUDIT_SUBJ_TYPE);
						   AUDIT_SUBJ_TYPE);
			break;
			break;
		case Opt_err:
		case Opt_err:
			result = -EINVAL;
			audit_log_format(ab, "UNKNOWN=%s ", p);
			audit_log_format(ab, "UNKNOWN=%s ", p);
			break;
			break;
		}
		}
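Review bot: In the `case Opt_err:` branch, the new `result = -EINVAL;` is followed only by `break`, which leaves the switch but not necessarily the enclosing token loop, and that loop is not visible in this hunk. Please confirm that parsing stops once `result` is negative, or that no case handling a later token can set `result` back to success; otherwise a rule with an unknown entry followed by a valid one could still be accepted. Keeping the `UNKNOWN=%s` audit record alongside the error is good, since it tells the administrator which token caused the rejection. Because the commit message says such policies were previously only reported and not refused, a short note on this behaviour change in the IMA policy documentation would help anyone whose existing policy contains unrecognised entries.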