authorMimi Zohar <zohar@linux.ibm.com>2024-12-27 16:28:32 +0300
committerMimi Zohar <zohar@linux.ibm.com>2025-01-03 18:18:43 +0300
commit4785ed362a24d4f37ee0eb4403f587fee886f8da (patch)
treeac0d5cda786fdcde696c971748355b712bf44dbf
parent7eef7c8bac9a31f12ae19369582bc25971bc8fe1 (diff)
ima: ignore suffixed policy rule comments
Lines beginning with '#' in the IMA policy are comments and are ignored. Instead of placing the rule and comment on separate lines, allow the comment to be suffixed to the IMA policy rule. Reviewed-by: Petr Vorel <pvorel@suse.cz> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-rw-r--r--security/integrity/ima/ima_policy.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 23bbe2c405f0..128fab897930 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -1432,7 +1432,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
int token;
unsigned long lnum;
- if (result < 0)
+ if (result < 0 || *p == '#') /* ignore suffixed comment */
break;
if ((*p == '\0') || (*p == ' ') || (*p == '\t'))
continue;
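Review bot: The `*p == '#'` test added to the first `if` ends parsing at any token that starts with '#', and the `break` skips every remaining token, so a '#' typed by mistake in the middle of a rule now yields a rule with fewer conditions instead of (presumably, as before this change) an unknown-token error. For an integrity policy this means the loaded rule can match more broadly than the line the administrator wrote, with no diagnostic. Only a '#' that follows a space or tab is recognised; in a constructed example such as `func=FILE_CHECK#note` the '#' stays part of the value. I would spell this out in the comment, e.g. `/* '#' starting a token ends the rule; the rest of the line is ignored, not validated */`, and state the whitespace requirement in the policy documentation. The loop and the rest of ima_parse_rule lie outside the hunk, so how the truncated entry is validated afterwards is not visible here.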