The parameters passed to this logging function are all provided by a privileged user and therefore we can call audit_log_string() rather than audit_log_untrustedstring().
Signed-off-by: Stefan Berger <[email protected]> Suggested-by: Steve Grubb <[email protected]> --- security/integrity/ima/ima_policy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index d89bebf85421..a823f11a3e6b 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -615,7 +615,7 @@ static void ima_log_string_op(struct audit_buffer *ab, char *key, char *value, audit_log_format(ab, "%s<", key); else audit_log_format(ab, "%s=", key); - audit_log_untrustedstring(ab, value); + audit_log_string(ab, value); audit_log_format(ab, " "); } static void ima_log_string(struct audit_buffer *ab, char *key, char *value) -- 2.13.6 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
