diff options
author | Ismo Puustinen <ismo.puustinen@intel.com> | 2016-08-02 15:58:30 +0300 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2016-08-02 08:58:30 -0400 |
commit | 96694e998be1f631861c8c72de67c581a5306afa (patch) | |
tree | 2ddbeffbc8469ef44f290f7e027da05ff1c5787a /src | |
parent | 98d2d46876c08d6f2ae63284ec5a28f90cbbb8ac (diff) |
main: load Smack policy before IMA policy (#3859)
IMA wiki says: "If the IMA policy contains LSM labels, then the LSM
policy must be loaded prior to the IMA policy." Right now, in case of
Smack, the IMA policy is loaded before the Smack policy. Move the order
around to allow Smack labels to be used in IMA policy.
Diffstat (limited to 'src')
-rw-r--r-- | src/core/main.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/core/main.c b/src/core/main.c index 74b8ea139f..c46d886653 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1414,12 +1414,12 @@ int main(int argc, char *argv[]) { if (mac_selinux_setup(&loaded_policy) < 0) { error_message = "Failed to load SELinux policy"; goto finish; - } else if (ima_setup() < 0) { - error_message = "Failed to load IMA policy"; - goto finish; } else if (mac_smack_setup(&loaded_policy) < 0) { error_message = "Failed to load SMACK policy"; goto finish; + } else if (ima_setup() < 0) { + error_message = "Failed to load IMA policy"; + goto finish; } dual_timestamp_get(&security_finish_timestamp); } |