ima: report policy load status

Dmitry Kasatkin · Mimi Zohar · commit 78bb5d0b4fe1 · 2014-10-11T23:25:25.000-04:00
Audit messages are rate limited, often causing the policy update
info to not be visible.  Report policy loading status also using
pr_info.

Changes in v2:
* reporting moved to ima_release_policy to notice parsing errors
* reporting both completed and failed status

Signed-off-by: Dmitry Kasatkin &lt;d.kasatkin@samsung.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
@@ -311,6 +311,8 @@ static int ima_open_policy(struct inode *inode, struct file *filp)
  */
 static int ima_release_policy(struct inode *inode, struct file *file)
 {
+	pr_info("IMA: policy update %s\n",
+		valid_policy ? "completed" : "failed");
 	if (!valid_policy) {
 		ima_delete_rules();
 		valid_policy = 1;

Original file line number	Diff line number	Diff line change
`@@ -311,6 +311,8 @@ static int ima_open_policy(struct inode inode, struct file filp)`
`311`	`311`	`*/`
`312`	`312`	`static int ima_release_policy(struct inode inode, struct file file)`
`313`	`313`	`{`
	`314`	`+ pr_info("IMA: policy update %s\n",`
	`315`	`+ valid_policy ? "completed" : "failed");`
`314`	`316`	`if (!valid_policy) {`
`315`	`317`	`ima_delete_rules();`
`316`	`318`	`valid_policy = 1;`