It's useful being able to specify a different IMA template on appraise policy rules, so allow it. Signed-off-by: Thiago Jung Bauermann <bauerman@xxxxxxxxxxxxx> Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> --- security/integrity/ima/ima_policy.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 4fc13e591f1d..46ed31a0adfe 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -1193,7 +1193,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) break; case Opt_template: ima_log_string(ab, "template", args[0].from); - if (entry->action != MEASURE) { + if (entry->action != MEASURE && + entry->action != APPRAISE) { result = -EINVAL; break; }