| author | Mimi Zohar <zohar@linux.ibm.com> | 2024-12-27 08:28:32 -0500 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2025-01-03 10:18:43 -0500 |
| commit | 4785ed362a24d4f37ee0eb4403f587fee886f8da (patch) | |
| tree | ac0d5cda786fdcde696c971748355b712bf44dbf /security/integrity/ima | |
| parent | ima: limit the builtin 'tcb' dont_measure tmpfs policy rule (diff) | |
ima: ignore suffixed policy rule comments
Lines beginning with '#' in the IMA policy are comments and are ignored.
Instead of placing the rule and comment on separate lines, allow the
comment to be suffixed to the IMA policy rule.
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/ima')
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 23bbe2c405f0..128fab897930 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -1432,7 +1432,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) int token; unsigned long lnum; - if (result < 0) + if (result < 0 || *p == '#') /* ignore suffixed comment */ break; if ((*p == '\0') || (*p == ' ') || (*p == '\t')) continue; |
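Review bot: the added `*p == '#'` test in the first `if` of the loop only inspects the first character of `p`, so a '#' is treated as a comment only when it starts a whitespace-separated item. Something like `func=FILE_CHECK#note` would not be treated as a comment, while any item that legitimately begins with '#' now ends parsing of the rule. Everything after the '#' is dropped through the same `break` as the `result < 0` error path, with no indication to the policy author, so a stray '#' in front of a condition leaves a rule with fewer conditions than written and therefore a broader match. Please state in the commit message and in the policy documentation that the '#' must be preceded by whitespace and that the remainder of the line is discarded. Also consider giving the comment case its own `if` rather than sharing the error check, because the trailing `/* ignore suffixed comment */` describes only half of the combined condition.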
