authorDmitry Kasatkin <dmitry.kasatkin@intel.com>2012-06-25 12:18:09 +0300
committerMimi Zohar <zohar@linux.vnet.ibm.com>2012-07-05 16:42:33 -0400
commit8445d64dd761440fb5c73a2abba25009f4bf0e4c (patch)
tree1529319b3b3fed827a02b5b8fafcd367045d540c /security
parentc7de7adc18241a0eb10a6e1fed7cb1e01f53c85a (diff)
ima: add policy for pseudo fs
Exclude DEVPTS and BINFMT filesystems from the measurement policy. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima_policy.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index d8edff209bf3..1a9583008aae 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -63,6 +63,8 @@ static struct ima_measure_rule_entry default_rules[] = {
{.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC},
{.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC},
{.action = DONT_MEASURE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE,.fsmagic = DEVPTS_SUPER_MAGIC,.flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC},
{.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
{.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC},
{.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC,
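Review bot: The two added `DONT_MEASURE` entries for `DEVPTS_SUPER_MAGIC` and `BINFMTFS_MAGIC` carry no rationale, and an fsmagic exclusion means nothing on a mount of that type ever reaches the measurement list, so the reason each is safe to skip should be recorded next to the entries. I would add a comment above them such as `/* devpts and binfmt_misc expose kernel-generated pseudo files only; no persistent content to measure */`, after confirming that this is the intended justification. For binfmt_misc it is also worth stating that the registered interpreters are presumably still measured by the `MEASURE` rules further down when they run from a regular filesystem, since that is what a verifier of the measurement list relies on. The `default_rules[]` initializer starts before and continues past this hunk, and the diffstat is limited to `security`, so where the two magic constants are defined is not visible here.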