Message ID | 20220310113914.137164-2-cascardo@canonical.com |
---|---|
State | New |
Headers | show |
Series | Fix ima_policy build failure | expand |
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index fa7f118a9ee7..ebf438e74490 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -1872,7 +1872,7 @@ int ima_policy_show(struct seq_file *m, void *v) /* Do not print rules with inactive LSM labels */ for (i = 0; i < MAX_LSM_RULES; i++) { - if (entry->lsm[i].args_p && !entry->lsm[i].rule) { + if (entry->lsm[i].args_p && !ima_lsm_isset(entry->lsm[i].rules)) { rcu_read_unlock(); return 0; }
SAUCE commit "LSM: Create and manage the lsmblob data structure." changes the single audit rule data into an array. Upstream commit 89677197ae70 ("ima: Do not print policy rule with inactive LSM labels") adds a test for the rule on ima_rule_entry when showing in proc files, which use the unsauced rule test. Use the function ima_lsm_isset introduced by the SAUCE patch to test whether a rule is set. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> --- security/integrity/ima/ima_policy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)