[systemd-devel] [PATCH] ima-setup: write policy one line at a time

Lennart Poettering lennart at poettering.net
Wed Jun 10 16:16:47 PDT 2015


On Wed, 10.06.15 15:38, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:

> ima_write_policy() expects data to be written as one or more
> rules, no more than PAGE_SIZE at a time. Easiest way to ensure
> that we are not splitting rules is to read and write one line at
> a time.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1226948
> ---
>  src/core/ima-setup.c | 39 +++++++++++++++++----------------------
>  1 file changed, 17 insertions(+), 22 deletions(-)
> 
> diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c
> index 4d8b638115..5b3d16cd31 100644
> --- a/src/core/ima-setup.c
> +++ b/src/core/ima-setup.c
> @@ -23,9 +23,6 @@
>  
>  #include <unistd.h>
>  #include <errno.h>
> -#include <fcntl.h>
> -#include <sys/stat.h>
> -#include <sys/mman.h>
>  
>  #include "ima-setup.h"
>  #include "util.h"
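Review bot: dropping `<fcntl.h>`, `<sys/stat.h>` and `<sys/mman.h>` is consistent with removing the `struct stat` / mmap-based path in the next hunk, but nothing here adds `<stdio.h>` for the new `FILE *` handling or `<limits.h>` for `LINE_MAX`; either confirm that `"util.h"` transitively provides both or add the two includes explicitly so this file does not silently depend on that.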
> @@ -36,20 +33,19 @@
>  #define IMA_POLICY_PATH "/etc/ima/ima-policy"
>  
>  int ima_setup(void) {
> -        int r = 0;
> -
>  #ifdef HAVE_IMA
> -        _cleanup_close_ int policyfd = -1, imafd = -1;
> -        struct stat st;
> -        char *policy;
> +        _cleanup_fclose_ FILE *input = NULL;
> +        _cleanup_close_ int imafd = -1;
> +        char line[LINE_MAX];
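Review bot: a fixed `char line[LINE_MAX]` buffer reintroduces the splitting problem the commit message sets out to avoid: a policy rule longer than `LINE_MAX - 1` bytes comes back from a line-at-a-time read in two pieces, and each piece would then be handed to `ima_write_policy()` as a separate, truncated rule. Either treat a read that does not end in a newline as an error with a clear message, or read with a growing allocation (`getline()`) so the whole rule reaches the kernel in one write; the rest of the loop is not visible in this excerpt, so the actual read/write logic could not be checked here.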

Hmm, I wonder if this might bite us. LINE_MAX is a good choice as max
line length for formats we define in systemd, but the question of
course is what the max line length is for IMA...

Looks good otherwise.

Lennart

-- 
Lennart Poettering, Red Hat
