ima: policy for RAMFS

Don't measure ramfs files. Signed-off-by: N Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: N Mimi Zohar <zohar@us.ibm.com>

ima: policy for RAMFS
Don't measure ramfs files. Signed-off-by: N Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: N Mimi Zohar <zohar@us.ibm.com>
4c2c3927 · Dmitry Kasatkin · Mimi Zohar · f4a0391d · 4c2c3927
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

security/integrity/ima/ima_policy.c security/integrity/ima/ima_policy.c +1 -0

未找到文件。
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -62,6 +62,7 @@ static struct ima_measure_rule_entry default_rules[] = {
 	{.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC},
 	{.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC},
 	{.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC},
+	{.action = DONT_MEASURE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC},
 	{.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
 	{.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC},
 	{.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC,