author | Eric Paris <eparis@redhat.com> | 2010-04-20 10:21:13 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-04-20 19:58:15 -0400 |
commit | e9d393bf8660fbbbe00617015224342bac3ea6fc (patch) | |
tree | b127189c4b598774ef467b599bd8bfe08b3c71d4 | |
parent | b9035b1fd7933c11e68dbbf49b530cc43bf1da65 (diff) |
IMA: reject policies with unknown entries
Currently the ima policy load code will print what it doesn't understand
but really I think it should reject any policy it doesn't understand. This
patch makes it so!
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | security/integrity/ima/ima_policy.c | 1 |
1 files changed, 1 insertions, 0 deletions
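--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -398,6 +398,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
 AUDIT_SUBJ_TYPE);
 break;
 case Opt_err:
+result = -EINVAL;
 audit_log_format(ab, "UNKNOWN=%s ", p);
 break;
 }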
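Review bot: The new `result = -EINVAL;` under `case Opt_err:` rejects the policy only if nothing after this `break` overwrites `result`. The `break` leaves the switch, not the token loop that presumably encloses it, and ima_parse_rule starts and ends outside the hunk, so this should be confirmed there; a loop-top `if (result < 0) break;` would be enough. A short comment on the new line would record the fail-closed intent, e.g. `/* unknown token: fail closed and reject the whole rule */`. Separately, `p` is the token the parser did not recognise, and it is written into the audit record with `%s`. Consider `audit_log_format(ab, "UNKNOWN=");`, then `audit_log_untrustedstring(ab, p);`, then `audit_log_format(ab, " ");`, so that quotes or control characters in the rejected token cannot distort the record.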