ima: extend "mask" policy matching support (4351c294) · Commits · Mirrors / github.com / sifive_riscv-linux

Commit 4351c294 authored Nov 05, 2014 by

Mimi Zohar

ima: extend "mask" policy matching support



The current "mask" policy option matches files opened as MAY_READ,
MAY_WRITE, MAY_APPEND or MAY_EXEC.  This patch extends the "mask"
option to match files opened containing one of these modes.  For
example, "mask=^MAY_READ" would match files opened read-write.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Dr. Greg Wettstein <gw@idfusion.org>
Cc: stable@vger.kernel.org

parent 139069ef

Hide whitespace changes

Inline Side-by-side

Please register or to comment