projects
/
cascardo
/
linux.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
ima: skip measurement of cgroupfs files and update documentation
[cascardo/linux.git]
/
security
/
integrity
/
ima
/
ima_policy.c
diff --git
a/security/integrity/ima/ima_policy.c
b/security/integrity/ima/ima_policy.c
index
e86b58d
..
e4244fc
100644
(file)
--- a/
security/integrity/ima/ima_policy.c
+++ b/
security/integrity/ima/ima_policy.c
@@
-79,6
+79,8
@@
static struct ima_rule_entry default_rules[] = {
{.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
{.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
{.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC,
+ .flags = IMA_FSMAGIC},
{.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
.flags = IMA_FUNC | IMA_MASK},
{.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
projects / cascardo / linux.git / blobdiff