diff options
| author | Laura Abbott <labbott@redhat.com> | 2017-05-09 14:25:27 -0400 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2017-06-21 14:37:12 -0400 |
| commit | 82e3bb4d44be21daefe8af857a68d3c9118c1048 (patch) | |
| tree | 649a023899eeb4b01212181f7e4a11f7d83daca2 | |
| parent | b4e280304ddb2fb5b6970524e901fc8ae8ec6337 (diff) | |
ima: Add cgroups2 to the defaults list
cgroups2 is beginning to show up in wider usage. Add it to the default
nomeasure/noappraise list like other filesystems.
Signed-off-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 3653c86c70df..0acd68decb17 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c | |||
| @@ -96,6 +96,8 @@ static struct ima_rule_entry dont_measure_rules[] __ro_after_init = { | |||
| 96 | {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, | 96 | {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, |
| 97 | {.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC, | 97 | {.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC, |
| 98 | .flags = IMA_FSMAGIC}, | 98 | .flags = IMA_FSMAGIC}, |
| 99 | {.action = DONT_MEASURE, .fsmagic = CGROUP2_SUPER_MAGIC, | ||
| 100 | .flags = IMA_FSMAGIC}, | ||
| 99 | {.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC} | 101 | {.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC} |
| 100 | }; | 102 | }; |
| 101 | 103 | ||
| @@ -139,6 +141,7 @@ static struct ima_rule_entry default_appraise_rules[] __ro_after_init = { | |||
| 139 | {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, | 141 | {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, |
| 140 | {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC}, | 142 | {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC}, |
| 141 | {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC}, | 143 | {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC}, |
| 144 | {.action = DONT_APPRAISE, .fsmagic = CGROUP2_SUPER_MAGIC, .flags = IMA_FSMAGIC}, | ||
| 142 | #ifdef CONFIG_IMA_WRITE_POLICY | 145 | #ifdef CONFIG_IMA_WRITE_POLICY |
| 143 | {.action = APPRAISE, .func = POLICY_CHECK, | 146 | {.action = APPRAISE, .func = POLICY_CHECK, |
| 144 | .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, | 147 | .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, |