Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]

From: David Howells
Date: Wed Apr 06 2016 - 12:14:12 EST

Next message: Kedareswara rao Appana: "[PATCH v3 0/5] dmaengine: vdma: AXI DMA's enhancments"
Previous message: Al Viro: "Re: [PATCH] proc: fix dereference of ERR_PTR"
In reply to: Mimi Zohar: "Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]"
Next in thread: Mimi Zohar: "Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:

> FYI, restrict_link_by_ima_mok() allows keys to be added to the IMA
> keyring signed by a key on the .ima_mok keyring, but
> restrict_link_by_builtin_and_secondary_trusted() results in "errno:
> Required key not available (126)".

Is that fixed by fixing restrict_link_by_builtin_and_secondary_trusted() to
check the right keyring?

David

Next message: Kedareswara rao Appana: "[PATCH v3 0/5] dmaengine: vdma: AXI DMA's enhancments"
Previous message: Al Viro: "Re: [PATCH] proc: fix dereference of ERR_PTR"
In reply to: Mimi Zohar: "Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]"
Next in thread: Mimi Zohar: "Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]