IMA: reject policies with unknown entries
Currently the ima policy load code will print what it doesn't understand but really I think it should reject any policy it doesn't understand. This patch makes it so!

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Parent
b9035b1fd7
Commit
e9d393bf86
|
@ -398,6 +398,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
|
||||||
AUDIT_SUBJ_TYPE);
|
AUDIT_SUBJ_TYPE);
|
||||||
break;
|
break;
|
||||||
case Opt_err:
|
case Opt_err:
|
||||||
|
result = -EINVAL;
|
||||||
audit_log_format(ab, "UNKNOWN=%s ", p);
|
audit_log_format(ab, "UNKNOWN=%s ", p);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
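Review bot: In the `Opt_err` case the new `result = -EINVAL;` is followed only by `break`, which leaves the switch but, as far as this hunk shows, not the surrounding token processing in `ima_parse_rule()`. Please confirm that nothing after this point can reset `result` to 0 when a later token parses cleanly, and that a partially filled `entry` is never added to the policy once `result` is negative. If that is not already guaranteed outside the visible lines, stop parsing explicitly here. Separately, `audit_log_format(ab, "UNKNOWN=%s ", p)` writes the unrecognized token from the policy input straight into the audit record; now that this path marks a hard failure it would be worth logging it with `audit_log_untrustedstring()` so an odd token cannot distort the record. The changelog could also state that policies which previously loaded with an unknown entry will now be rejected with `-EINVAL`, since that is a behaviour change for existing policy files.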