IMA: reject policies with unknown entries

Currently the ima policy load code will print what it doesn't understand
but really I think it should reject any policy it doesn't understand.  This
patch makes it so!

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Eric Paris 2010-04-20 10:21:13 -04:00 коммит произвёл James Morris
Родитель b9035b1fd7
Коммит e9d393bf86
1 изменённых файлов: 1 добавлений и 0 удалений

Просмотреть файл

@ -398,6 +398,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
AUDIT_SUBJ_TYPE); AUDIT_SUBJ_TYPE);
break; break;
case Opt_err: case Opt_err:
result = -EINVAL;
audit_log_format(ab, "UNKNOWN=%s ", p); audit_log_format(ab, "UNKNOWN=%s ", p);
break; break;
} }