diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima_main.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 0abc7d0db90b..21330d0455b0 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c | |||
| @@ -404,8 +404,10 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id) | |||
| 404 | 404 | ||
| 405 | if (!file && read_id == READING_MODULE) { | 405 | if (!file && read_id == READING_MODULE) { |
| 406 | if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES) && | 406 | if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES) && |
| 407 | (ima_appraise & IMA_APPRAISE_ENFORCE)) | 407 | (ima_appraise & IMA_APPRAISE_ENFORCE)) { |
| 408 | pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n"); | ||
| 408 | return -EACCES; /* INTEGRITY_UNKNOWN */ | 409 | return -EACCES; /* INTEGRITY_UNKNOWN */ |
| 410 | } | ||
| 409 | return 0; /* We rely on module signature checking */ | 411 | return 0; /* We rely on module signature checking */ |
| 410 | } | 412 | } |
| 411 | return 0; | 413 | return 0; |