diff options
| author | Tyler Hicks <tyhicks@linux.microsoft.com> | 2020-07-09 09:19:06 +0300 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2020-07-20 20:06:26 +0300 |
| commit | 5f3e92657bbfb63ad3109433d843c89996114b03 (patch) | |
| tree | ac5c817f82eff72c557ebfa6ee21221bedd0ad77 /scripts/gdb/linux/lists.py | |
| parent | eb624fe214a2e156ddafd9868377cf91499f789d (diff) | |
| download | linux-5f3e92657bbfb63ad3109433d843c89996114b03.tar.xz | |
ima: Fail rule parsing when appraise_flag=blacklist is unsupportable
Verifying that a file hash is not blacklisted is currently only
supported for files with appended signatures (modsig). In the future,
this might change.
For now, the "appraise_flag" option is only appropriate for appraise
actions and its "blacklist" value is only appropriate when
CONFIG_IMA_APPRAISE_MODSIG is enabled and "appraise_flag=blacklist" is
only appropriate when "appraise_type=imasig|modsig" is also present.
Make this clear at policy load so that IMA policy authors don't assume
that other uses of "appraise_flag=blacklist" are supported.
Fixes: 273df864cf74 ("ima: Check against blacklisted hashes for files with modsig")
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Reivewed-by: Nayna Jain <nayna@linux.ibm.com>
Tested-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'scripts/gdb/linux/lists.py')
0 files changed, 0 insertions, 0 deletions