summaryrefslogtreecommitdiff
path: root/security/integrity
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2010-04-20 10:21:13 -0400
committerJames Morris <jmorris@namei.org>2010-04-21 09:58:15 +1000
commite9d393bf8660fbbbe00617015224342bac3ea6fc (patch)
treeb127189c4b598774ef467b599bd8bfe08b3c71d4 /security/integrity
parentb9035b1fd7933c11e68dbbf49b530cc43bf1da65 (diff)
downloadlwn-e9d393bf8660fbbbe00617015224342bac3ea6fc.tar.gz
lwn-e9d393bf8660fbbbe00617015224342bac3ea6fc.zip
IMA: reject policies with unknown entries
Currently the ima policy load code will print what it doesn't understand but really I think it should reject any policy it doesn't understand. This patch makes it so! Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/ima/ima_policy.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 012701157378..dee2dc062bcc 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -398,6 +398,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
AUDIT_SUBJ_TYPE);
break;
case Opt_err:
+ result = -EINVAL;
audit_log_format(ab, "UNKNOWN=%s ", p);
break;
}