diff options
author | Eric Paris <eparis@redhat.com> | 2010-04-20 18:21:13 +0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-04-21 03:58:15 +0400 |
commit | e9d393bf8660fbbbe00617015224342bac3ea6fc (patch) | |
tree | b127189c4b598774ef467b599bd8bfe08b3c71d4 /security/integrity | |
parent | b9035b1fd7933c11e68dbbf49b530cc43bf1da65 (diff) | |
download | linux-e9d393bf8660fbbbe00617015224342bac3ea6fc.tar.xz |
IMA: reject policies with unknown entries
Currently the ima policy load code will print what it doesn't understand
but really I think it should reject any policy it doesn't understand. This
patch makes it so!
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/integrity')
-rw-r--r-- | security/integrity/ima/ima_policy.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 012701157378..dee2dc062bcc 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -398,6 +398,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) AUDIT_SUBJ_TYPE); break; case Opt_err: + result = -EINVAL; audit_log_format(ab, "UNKNOWN=%s ", p); break; } |