| Message ID | 20190628021934.4260-12-bauerman@linux.ibm.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | Appended signatures support for IMA appraisal | expand |
| Context | Check | Description |
|---|---|---|
| snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch next (c7d64b560ce80d8c44f082eee8352f0778a73195) |
| snowpatch_ozlabs/apply_patch | fail | Failed to apply to any branch |
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 4fc13e591f1d..46ed31a0adfe 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -1193,7 +1193,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) break; case Opt_template: ima_log_string(ab, "template", args[0].from); - if (entry->action != MEASURE) { + if (entry->action != MEASURE && + entry->action != APPRAISE) { result = -EINVAL; break; }
It's useful being able to specify a different IMA template on appraise policy rules, so allow it. Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Suggested-by: Mimi Zohar <zohar@linux.ibm.com> --- security/integrity/ima/ima_policy.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)