Re: [PATCH v2 3/4] ima: ignore empty and with whitespaces policy lines
From: Mimi Zohar
Date: Sun Oct 12 2014 - 20:14:25 EST
On Fri, 2014-10-03 at 14:40 +0300, Dmitry Kasatkin wrote:
> Empty policy lines cause parsing failures which is, especially
> for new users, hard to spot. This patch prevents it.
>
> It is now possible to 'cat policy > <securityfs>/ima/policy'.
The patch itself is fine, but dropping this comment as commit "6ccd045
ima: handle multiple rules per write" already added support to 'cat' the
policy.
Mimi
> Changes in v2:
> * strip leading blanks and tabs in rules to prevent parsing failures
>
> Signed-off-by: Dmitry Kasatkin <d.kasatkin@xxxxxxxxxxx>
> ---
> security/integrity/ima/ima_policy.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index bf232b9..d2c47d4 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -696,8 +696,9 @@ ssize_t ima_parse_add_rule(char *rule)
>
> p = strsep(&rule, "\n");
> len = strlen(p) + 1;
> + p += strspn(p, " \t");
>
> - if (*p == '#')
> + if (*p == '#' || *p == '\0')
> return len;
>
> entry = kzalloc(sizeof(*entry), GFP_KERNEL);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/