Re: [PATCH ima-evm-utils v2] Add ima_policy_check.awk and ima_policy_check.test

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2023-02-16 at 14:30 +0100, Roberto Sassu wrote:
> > > > > +# Rules don't overlap if there is at least one policy keyword (in base or lsm)
> > > > > +# providing a different value.
> > > > 
> > > > The above comment needs to be updated to reflect the overlapping tests.
> > > 
> > > Not sure what is missing. Maybe: rules don't overlap also when they are
> > > equivalent (they have the same keys and values)?
> > 
> > The above "overlap" definition doesn't take into account one rule being
> > more restrictive (having more "keys" than the other.)
> 
> Ok, I see.
> 
> Rules don't overlap if both include the same policy keyword (in base or
> lsm), at least one, with a different value.

^keyword(s)

-- 
thanks,

Mimi




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux