From: Dmitry Kasatkin Date: Mon, 25 Jun 2012 09:18:09 +0000 (+0300) Subject: ima: add policy for pseudo fs X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=8445d64dd761440fb5c73a2abba25009f4bf0e4c;p=linux-beck.git ima: add policy for pseudo fs Exclude DEVPTS and BINFMT filesystems from the measurement policy. Signed-off-by: Dmitry Kasatkin Signed-off-by: Mimi Zohar --- diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index d8edff209bf3..1a9583008aae 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -63,6 +63,8 @@ static struct ima_measure_rule_entry default_rules[] = { {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC}, {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC}, {.action = DONT_MEASURE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC}, + {.action = DONT_MEASURE,.fsmagic = DEVPTS_SUPER_MAGIC,.flags = IMA_FSMAGIC}, + {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC}, {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC}, {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC}, {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC,