authorEric Paris <eparis@redhat.com>2010-04-20 10:21:13 -0400
committerJames Morris <jmorris@namei.org>2010-04-20 19:58:15 -0400
commite9d393bf8660fbbbe00617015224342bac3ea6fc (patch)
treeb127189c4b598774ef467b599bd8bfe08b3c71d4
parentb9035b1fd7933c11e68dbbf49b530cc43bf1da65 (diff)
IMA: reject policies with unknown entries
Currently the ima policy load code will print what it doesn't understand but really I think it should reject any policy it doesn't understand. This patch makes it so! Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/integrity/ima/ima_policy.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 012701157378..dee2dc062bcc 100644
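--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -398,6 +398,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
 AUDIT_SUBJ_TYPE);
 break;
 case Opt_err:
+result = -EINVAL;
 audit_log_format(ab, "UNKNOWN=%s ", p);
 break;
 }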
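Review bot: The `Opt_err` branch still writes the unrecognised token `p` into the audit record with a plain `%s`, and `p` comes from the policy text being parsed, so quotes or control characters in it reach the record unescaped. Now that this path fails the load, that record is what an administrator reads to find out why, so the value should be escaped: `audit_log_format(ab, "UNKNOWN=");`, then `audit_log_untrustedstring(ab, p);`, then `audit_log_format(ab, " ");`. ima_parse_rule starts and ends outside the hunk, so it is not visible whether a later token can assign `result` again. If the parsing loop does not stop on a negative `result`, the `-EINVAL` set here could be overwritten and the policy accepted anyway, which is worth confirming.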