git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit
ima: provide ">" and "<" operators for fowner/uid/euid rules.
author Mikhail Kurinnoi <viewizard@viewizard.com>
Fri, 27 Jan 2017 16:23:01 +0000 (19:23 +0300)
committer Mimi Zohar <zohar@linux.vnet.ibm.com>
Mon, 13 Mar 2017 11:01:24 +0000 (07:01 -0400)
commit 3dd0c8d06511c7c61c62305fcf431ca28884d263
tree 53dd75846d5bc3ac098bd9fdd08c94ae804c22a2
parent 1ac202e978e18f045006d75bd549612620c6ec3a
ima: provide ">" and "<" operators for fowner/uid/euid rules.

For now we have only "=" operator for fowner/uid/euid rules. This
patch provides two more operators - ">" and "<" in order to make
fowner/uid/euid rules more flexible.

Examples of usage.

 Appraise all files owned by special and system users (SYS_UID_MAX 999):
    appraise fowner<1000
 Don't appraise files owned by normal users (UID_MIN 1000):
    dont_appraise fowner>999
 Appraise all files owned by users with UID 1000-1010:
    dont_appraise fowner>1010
    appraise fowner>999

Changelog v3:
- Removed code duplication in ima_parse_rule().
- Fix ima_policy_show() - (Mimi)

Changelog v2:
- Fixed default policy rules.

Signed-off-by: Mikhail Kurinnoi <viewizard@viewizard.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
 security/integrity/ima/ima_policy.c | 115 +++++++++++++++++++++++++++---------
 1 file changed, 87 insertions(+), 28 deletions(-)
security/integrity/ima/ima_policy.c
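
The UID 1000-1010 example in the commit message only works because rules are checked in order and the first match decides. The following is an added example, not code from this commit or from the kernel: a simplified userspace model that looks only at the fowner condition. The names `parse_rule`, `decide`, `range_policy` and `reversed_policy` are hypothetical, and the second policy is constructed to show how swapping the two rules shadows the `dont_appraise` line.

```c
/* Userspace model (added example, not kernel code) of in-order matching
 * for appraise/dont_appraise rules using the fowner "=", "<", ">" operators. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum action { BAD_RULE = -1, NO_MATCH, APPRAISE, DONT_APPRAISE };
struct rule { enum action act; char op; unsigned long uid; };

/* Constructed policies: the commit message's range example, then the same rules swapped. */
static const char *const range_policy[] = { "dont_appraise fowner>1010", "appraise fowner>999" };
static const char *const reversed_policy[] = { "appraise fowner>999", "dont_appraise fowner>1010" };

/* Parse "<action> fowner<op><uid>"; returns 0 on success, -1 on malformed input. */
static int parse_rule(const char *s, struct rule *r)
{
    char *end;
    const char *p;

    if (!strncmp(s, "appraise ", 9)) { r->act = APPRAISE; p = s + 9; }
    else if (!strncmp(s, "dont_appraise ", 14)) { r->act = DONT_APPRAISE; p = s + 14; }
    else return -1;
    if (strncmp(p, "fowner", 6) || !p[6] || !strchr("=<>", p[6]) || !isdigit((unsigned char)p[7]))
        return -1;                      /* reject unknown operators and signed values */
    r->op = p[6];
    r->uid = strtoul(p + 7, &end, 10);
    return *end ? -1 : 0;               /* trailing junk after the UID is an error */
}

/* Walk the policy in order; the first rule whose fowner test matches decides. */
static enum action decide(const char *const *policy, size_t n, unsigned long fowner)
{
    struct rule r;
    size_t i;
    int hit;

    for (i = 0; i < n; i++) {
        if (parse_rule(policy[i], &r)) return BAD_RULE;
        hit = r.op == '<' ? fowner < r.uid : r.op == '>' ? fowner > r.uid : fowner == r.uid;
        if (hit) return r.act;
    }
    return NO_MATCH;                    /* no rule applied to this owner */
}

int main(void)
{
    printf("range: 999=%d 1005=%d 1011=%d\n", decide(range_policy, 2, 999), decide(range_policy, 2, 1005), decide(range_policy, 2, 1011));
    printf("reversed: 2000=%d\n", decide(reversed_policy, 2, 2000));
    return 0;
}
```

With the rules swapped, a file owned by UID 2000 is appraised because `appraise fowner>999` matches first, so the narrower rule has to come before the broader one.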