Lines beginning with '#' in the IMA policy are comments and are ignored. Instead of placing the rule and comment on separate lines, allow the comment to be suffixed to the IMA policy rule. Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> --- security/integrity/ima/ima_policy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 23bbe2c405f0..128fab897930 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -1432,7 +1432,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) int token; unsigned long lnum; - if (result < 0) + if (result < 0 || *p == '#') /* ignore suffixed comment */ break; if ((*p == '\0') || (*p == ' ') || (*p == '\t')) continue; -- 2.47.1
