Commit 4785ed36 authored Dec 27, 2024 by Mimi Zohar

ima: ignore suffixed policy rule comments



Lines beginning with '#' in the IMA policy are comments and are ignored.
Instead of placing the rule and comment on separate lines, allow the
comment to be suffixed to the IMA policy rule.

Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

parent 7eef7c8b

security/integrity/ima/ima_policy.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1432,7 +1432,7 @@ static int ima_parse_rule(char rule, struct ima_rule_entry entry)
		int token;
		unsigned long lnum;

		if (result < 0)
		if (result < 0 \|\| p == '#') / ignore suffixed comment */
		break;
		if ((p == '\0') \|\| (p == ' ') \|\| (*p == '\t'))
		continue;