Re: [RFC PATCH 18/20] IMA: Use the system blacklist keyring [ver #2]

From: David Howells
Date: Fri Feb 19 2016 - 06:58:47 EST

Next message: Wang Nan: "[PATCH 32/55] perf record: Add '--timestamp-filename' option to append timestamp to output filename"
Previous message: Wang Nan: "[PATCH 49/55] perf tools: Record fd into perf_mmap"
Next in thread: Mimi Zohar: "Re: [RFC PATCH 18/20] IMA: Use the system blacklist keyring [ver #2]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:

> As discussed, "restrict_link_by_system_trusted" is not enough. The
> certificate being added should be in a revoked list as well.

What do you mean be a "revoked list"? There currently isn't such a beast in
IMA. The patches I've proposed should make the functionality available
approximately the same as exists now.

David

Next message: Wang Nan: "[PATCH 32/55] perf record: Add '--timestamp-filename' option to append timestamp to output filename"
Previous message: Wang Nan: "[PATCH 49/55] perf tools: Record fd into perf_mmap"
Next in thread: Mimi Zohar: "Re: [RFC PATCH 18/20] IMA: Use the system blacklist keyring [ver #2]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]