summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIsmo Puustinen <ismo.puustinen@intel.com>2016-08-02 15:58:30 +0300
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2016-08-02 08:58:30 -0400
commit96694e998be1f631861c8c72de67c581a5306afa (patch)
tree2ddbeffbc8469ef44f290f7e027da05ff1c5787a
parent98d2d46876c08d6f2ae63284ec5a28f90cbbb8ac (diff)
main: load Smack policy before IMA policy (#3859)
IMA wiki says: "If the IMA policy contains LSM labels, then the LSM policy must be loaded prior to the IMA policy." Right now, in case of Smack, the IMA policy is loaded before the Smack policy. Move the order around to allow Smack labels to be used in IMA policy.
-rw-r--r--src/core/main.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/core/main.c b/src/core/main.c
index 74b8ea139f..c46d886653 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1414,12 +1414,12 @@ int main(int argc, char *argv[]) {
if (mac_selinux_setup(&loaded_policy) < 0) {
error_message = "Failed to load SELinux policy";
goto finish;
- } else if (ima_setup() < 0) {
- error_message = "Failed to load IMA policy";
- goto finish;
} else if (mac_smack_setup(&loaded_policy) < 0) {
error_message = "Failed to load SMACK policy";
goto finish;
+ } else if (ima_setup() < 0) {
+ error_message = "Failed to load IMA policy";
+ goto finish;
}
dual_timestamp_get(&security_finish_timestamp);
}