On Tue, 2016-03-08 at 13:13 +0000, David Howells wrote: > Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > > > but we're left with a lot of references to "system_trusted" (eg. > > restrict_link_to_system_trusted, depends on SYSTEM_TRUSTED_KEYRING > > How about I pluralise it to SYSTEM_TRUSTED_KEYRINGS? The fact that one is > called builtin and the other secondary doesn't detract from the fact that > they're both system-wide rings of trusted keys.
Would then restrict_link_to_system_trusted imply both the builtin and secondary keyrings or just the builtin keyrings? Changing the system keyring name to builtin keys, without changing the corresponding restrict_link name, obfuscates what is really happening. Mimi
