[PATCH] ima: Handle error code from security_audit_rule_match

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

commit c7423dbdbc9e ("ima: Handle -ESTALE returned by
ima_filter_rule_match()") introduced the handling of -ESTALE returned by
security_audit_rule_match(). However, security_audit_rule_match() might
return other error codes if some error occurred. We should handle those
error codes as well.

Fixes: c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()")
Signed-off-by: GUO Zihua <guozihua@xxxxxxxxxx>
---
 security/integrity/ima/ima_policy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 6a68ec270822..5561e1b2c376 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -663,7 +663,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
 			break;
 		}
 
-		if (rc == -ESTALE && !rule_reinitialized) {
+		if (rc < 0 && !rule_reinitialized) {
 			lsm_rule = ima_lsm_copy_rule(rule);
 			if (lsm_rule) {
 				rule_reinitialized = true;
-- 
2.17.1
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux