Re: [PATCH] IMA: Use the system trusted keyrings instead of .ima_mok (update)

2016-04-07 Thread David Howells
Mimi Zohar wrote:
> Please feel free to squash this patch with yours of the same name (12/12).
>
> Just replace the .ima_mok keyring with the .secondary_trusted_keys.
>
> Signed-off-by: Mimi Zohar

Okay, I've squashed it and am posting a new set. How do you want your changes attributing to

Re: [PATCH] IMA: Use the system trusted keyrings instead of .ima_mok (update)

2016-04-06 Thread Mimi Zohar
On Wed, 2016-04-06 at 19:10 +0100, David Howells wrote:
> Mimi Zohar wrote:
>
> > I'm not sure what you're asking. If you're asking if the whole file can
> > be included based on whether this option is enabled, then no.
>
> No - but integrity_init_keyring() just returns if init_keyring is false

Re: [PATCH] IMA: Use the system trusted keyrings instead of .ima_mok (update)

2016-04-06 Thread David Howells
Mimi Zohar wrote:
> I'm not sure what you're asking. If you're asking if the whole file can
> be included based on whether this option is enabled, then no.

No - but integrity_init_keyring() just returns if init_keyring is false - but this is a variable and is assigned storage, despite the fact

Re: [PATCH] IMA: Use the system trusted keyrings instead of .ima_mok (update)

2016-04-06 Thread Mimi Zohar
On Wed, 2016-04-06 at 17:24 +0100, David Howells wrote:
> Looking in digsig.c, I see:
>
> #ifdef CONFIG_INTEGRITY_TRUSTED_KEYRING
> static bool init_keyring __initdata = true;
> #else
> static bool init_keyring __initdata;
> #endif
>
> Since this doesn't ever appear

Re: [PATCH] IMA: Use the system trusted keyrings instead of .ima_mok (update)

2016-04-06 Thread David Howells
Looking in digsig.c, I see:

#ifdef CONFIG_INTEGRITY_TRUSTED_KEYRING
static bool init_keyring __initdata = true;
#else
static bool init_keyring __initdata;
#endif

Since this doesn't ever appear to be altered, should integrity_init_keyring() just be made

[PATCH] IMA: Use the system trusted keyrings instead of .ima_mok (update)

2016-04-05 Thread Mimi Zohar
Hi David,

Please feel free to squash this patch with yours of the same name (12/12).

Just replace the .ima_mok keyring with the .secondary_trusted_keys.

Signed-off-by: Mimi Zohar
---
 include/keys/system_keyring.h| 4 +--
 security/integrity/digsig.c | 9 ++