shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-12-26 03:22:00 +03:00
Code

main: load Smack policy before IMA policy (#3859)

Browse Source 
IMA wiki says: "If the IMA policy contains LSM labels, then the LSM
policy must be loaded prior to the IMA policy." Right now, in case of
Smack, the IMA policy is loaded before the Smack policy. Move the order
around to allow Smack labels to be used in IMA policy.
This commit is contained in:
Ismo Puustinen 2016-08-02 15:58:30 +03:00 committed by Zbigniew Jędrzejewski-Szmek
parent 98d2d46876
commit 96694e998b
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/core/main.c
View File

@ -1414,12 +1414,12 @@ int main(int argc, char *argv[]) {
if (mac_selinux_setup(&loaded_policy) < 0) { if (mac_selinux_setup(&loaded_policy) < 0) {
error_message = "Failed to load SELinux policy"; error_message = "Failed to load SELinux policy";
goto finish; goto finish;
} else if (ima_setup() < 0) {
error_message = "Failed to load IMA policy";
goto finish;
} else if (mac_smack_setup(&loaded_policy) < 0) { } else if (mac_smack_setup(&loaded_policy) < 0) {
error_message = "Failed to load SMACK policy"; error_message = "Failed to load SMACK policy";
goto finish; goto finish;
} else if (ima_setup() < 0) {
error_message = "Failed to load IMA policy";
goto finish;
} }
dual_timestamp_get(&security_finish_timestamp); dual_timestamp_get(&security_finish_timestamp);
} }