[PATCH v2 3/4] ima: ignore empty and with whitespaces policy lines

Dmitry Kasatkin Fri, 03 Oct 2014 04:42:01 -0700

Empty policy lines cause parsing failures which is, especially
for new users, hard to spot. This patch prevents it.


It is now possible to 'cat policy > <securityfs>/ima/policy'.

Changes in v2:
* strip leading blanks and tabs in rules to prevent parsing failures

Signed-off-by: Dmitry Kasatkin <d.kasat...@samsung.com>
---
 security/integrity/ima/ima_policy.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/integrity/ima/ima_policy.c 
b/security/integrity/ima/ima_policy.c
index bf232b9..d2c47d4 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -696,8 +696,9 @@ ssize_t ima_parse_add_rule(char *rule)
 
        p = strsep(&rule, "\n");
        len = strlen(p) + 1;
+       p += strspn(p, " \t");
 
-       if (*p == '#')
+       if (*p == '#' || *p == '\0')
                return len;
 
        entry = kzalloc(sizeof(*entry), GFP_KERNEL);
-- 
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH v2 3/4] ima: ignore empty and with whitespaces policy lines

Reply via email to