On Wed, 2015-12-23 at 13:47 +0200, Petko Manolov wrote:
> On 15-12-22 16:50:01, Sasha Levin wrote:
> > On 12/22/2015 04:40 PM, Petko Manolov wrote:
> > >> Thanks, Sasha. By the time ima_update_policy() is called
> > >> >ima_release_policy() has already output the policy update status
> > >>
On Wed, 2015-12-23 at 07:24 -0500, Mimi Zohar wrote:
> On Wed, 2015-12-23 at 13:47 +0200, Petko Manolov wrote:
>
> > On 15-12-22 16:50:01, Sasha Levin wrote:
> > > On 12/22/2015 04:40 PM, Petko Manolov wrote:
> > > >> Thanks, Sasha. By the time ima_update_policy() is called
> > > >>
On December 22, 2015 9:56:28 PM GMT+02:00, Mimi Zohar
wrote:
>On Tue, 2015-12-22 at 08:51 -0500, Sasha Levin wrote:
>> Commit "IMA: policy can now be updated multiple times" assumed that
>the
>> policy would be updated at least once.
>>
>> If there are zero updates,
On 12/22/2015 04:40 PM, Petko Manolov wrote:
>> Thanks, Sasha. By the time ima_update_policy() is called
>> >ima_release_policy() has already output the policy update status
>> >message. I guess an empty policy could be considered a valid policy.
>> >Could you add a msg indicating that the new
Commit "IMA: policy can now be updated multiple times" assumed that the
policy would be updated at least once.
If there are zero updates, the temporary list head object will get added
to the policy list, and later dereferenced as an IMA policy object, which
means that invalid memory will be