Re: [PATCH] ima: Allow to import the blacklisted cert signed by secondary CA cert

From: Mimi Zohar
Date: Thu Aug 01 2019 - 18:57:21 EST


Hi Jia,

On Thu, 2019-08-01 at 09:23 +0800, Jia Zhang wrote:
> Similar to .ima, the cert imported to .ima_blacklist is able to be
> authenticated by a secondary CA cert.
>
> Signed-off-by: Jia Zhang <zhang.jia@xxxxxxxxxxxxxxxxx>

The IMA blacklist, which is defined as experimental for a reason, was
upstreamed prior to the system blacklist. Any reason you're not using
the system blacklist? Before making this sort of change, I'd like
some input from others.

thanks,

Mimi