Message ID | 20241230142333.1309623-1-zohar@linux.ibm.com (mailing list archive) |
---|---|
State | New |
Series | ima: ignore suffixed policy rule comments |
Hi Mimi,

> Lines beginning with '#' in the IMA policy are comments and are ignored.
> Instead of placing the rule and comment on separate lines, allow the
> comment to be suffixed to the IMA policy rule.

+1

Reviewed-by: Petr Vorel <pvorel@suse.cz>

Kind regards,
Petr

> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
> security/integrity/ima/ima_policy.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c > index 23bbe2c405f0..128fab897930 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -1432,7 +1432,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) > int token; > unsigned long lnum; > - if (result < 0) > + if (result < 0 || *p == '#') /* ignore suffixed comment */ > break; > if ((*p == '\0') || (*p == ' ') || (*p == '\t')) > continue;
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 23bbe2c405f0..128fab897930 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -1432,7 +1432,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) int token; unsigned long lnum; - if (result < 0) + if (result < 0 || *p == '#') /* ignore suffixed comment */ break; if ((*p == '\0') || (*p == ' ') || (*p == '\t')) continue;
Lines beginning with '#' in the IMA policy are comments and are ignored.
Instead of placing the rule and comment on separate lines, allow the
comment to be suffixed to the IMA policy rule.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 security/integrity/ima/ima_policy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
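
Review bot: In the added line of the ima_parse_rule() hunk, `*p == '#'` tests only the first character of a token, so as far as the visible lines show a suffixed comment is recognised only when the '#' begins a token of its own; a '#' attached directly to the preceding value (for example `uid=0#note`, a constructed case) would not be treated as a comment. Because the new condition shares the `break` with `result < 0` while `result` itself is not made negative, every token after the first one starting with '#' is dropped silently, so a '#' misplaced in front of a condition leaves a rule that matches more than its author intended. Suggest stating the token-start requirement in the commit message or in the code comment, and, since the diffstat shows only ima_policy.c changing, documenting the suffixed-comment syntax alongside the policy rule format in the same series.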