author | Mikhail Kurinnoi <viewizard@viewizard.com> | 2017-01-27 19:23:01 +0300 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2017-03-13 07:01:24 -0400 |
commit | 3dd0c8d06511c7c61c62305fcf431ca28884d263 (patch) | |
tree | 53dd75846d5bc3ac098bd9fdd08c94ae804c22a2 /fs/isofs | |
parent | 1ac202e978e18f045006d75bd549612620c6ec3a (diff) |
ima: provide ">" and "<" operators for fowner/uid/euid rules.

For now we have only "=" operator for fowner/uid/euid rules. This
patch provides two more operators - ">" and "<" in order to make
fowner/uid/euid rules more flexible.

Examples of usage.

Appraise all files owned by special and system users (SYS_UID_MAX 999):

    appraise fowner<1000

Don't appraise files owned by normal users (UID_MIN 1000):

    dont_appraise fowner>999

Appraise all files owned by users with UID 1000-1010:

    dont_appraise fowner>1010
    appraise fowner>999

Changelog v3:
- Removed code duplication in ima_parse_rule().
- Fix ima_policy_show() - (Mimi)

Changelog v2:
- Fixed default policy rules.

Signed-off-by: Mikhail Kurinnoi <viewizard@viewizard.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

security/integrity/ima/ima_policy.c | 115 +++++++++++++++++++++++++++---------
1 file changed, 87 insertions(+), 28 deletions(-)
Diffstat (limited to 'fs/isofs')
0 files changed, 0 insertions, 0 deletions
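
The UID 1000-1010 example in the commit message depends on rule order: the narrower `dont_appraise` line has to come before the broader `appraise` line. The following is an added example, not code from this patch or from the kernel; it models only `appraise`/`dont_appraise` rules with a single `fowner` condition, assumes the first matching rule decides, and its function names and sample UIDs are constructed for illustration.

```python
import re

# One rule per line: <action> fowner<op><uid>, with op one of = > <
RULE_RE = re.compile(r"^(appraise|dont_appraise)\s+fowner([=<>])(\d+)$")

OPS = {
    "=": lambda owner, uid: owner == uid,
    ">": lambda owner, uid: owner > uid,
    "<": lambda owner, uid: owner < uid,
}

def parse_policy(text):
    """Parse policy text into (action, operator, uid) tuples, rejecting anything else."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unsupported rule: {line!r}")
        action, op, uid = m.groups()
        rules.append((action, op, int(uid)))
    return rules

def appraised(rules, fowner):
    """Assumption: the first rule whose fowner condition matches decides the outcome."""
    for action, op, uid in rules:
        if OPS[op](fowner, uid):
            return action == "appraise"
    return False  # no rule matched: the file is not appraised

def appraised_uids(policy_text, uids):
    """Return the subset of file-owner UIDs whose files would be appraised."""
    rules = parse_policy(policy_text)
    return [u for u in uids if appraised(rules, u)]

# The rule pair from the commit message, and the same pair in the wrong order.
RANGE_POLICY = "dont_appraise fowner>1010\nappraise fowner>999\n"
REVERSED_POLICY = "appraise fowner>999\ndont_appraise fowner>1010\n"
SAMPLE_UIDS = [0, 999, 1000, 1010, 1011, 65534]  # constructed sample owners

if __name__ == "__main__":
    print("range order   :", appraised_uids(RANGE_POLICY, SAMPLE_UIDS))
    print("reversed order:", appraised_uids(REVERSED_POLICY, SAMPLE_UIDS))
```

With the lines reversed, the `dont_appraise fowner>1010` rule is never reached for any UID above 999, so the intended upper bound silently disappears.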