Commit 55748ac6 authored by Mimi Zohar's avatar Mimi Zohar
Browse files

ima: differentiate between EVM failures in the audit log 



Differentiate between an invalid EVM portable signature failure
from other EVM HMAC/signature failures.

Reviewed-by: default avatarRoberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
parent 7d2201d4

security/integrity/ima/ima_appraise.c

+2 −1
Original line number Diff line number Diff line
@@ -422,7 +422,8 @@ int ima_appraise_measurement(enum ima_hooks func, 
		goto out;

	case INTEGRITY_FAIL_IMMUTABLE:

		set_bit(IMA_DIGSIG, &iint->atomic_flags);

		fallthrough;

		cause = "invalid-fail-immutable";

		goto out;

	case INTEGRITY_FAIL:		/* Invalid HMAC/signature. */

		cause = "invalid-HMAC";

		goto out;