From: dhowells@redhat.com (David Howells)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v13 00/10] Make keyring link restrictions accessible from userspace
Date: Tue, 04 Apr 2017 08:28:21 +0100 [thread overview]
Message-ID: <20172.1491290901@warthog.procyon.org.uk> (raw)
In-Reply-To: <20170330235027.6879-1-mathew.j.martineau@linux.intel.com>
Mat Martineau <mathew.j.martineau@linux.intel.com> wrote:
> Documentation/crypto/asymmetric-keys.txt | 51 +++++++++
> Documentation/security/keys.txt | 66 +++++++++---
> certs/system_keyring.c | 39 +++++--
> crypto/asymmetric_keys/asymmetric_type.c | 102 ++++++++++++++++--
> crypto/asymmetric_keys/restrict.c | 161 ++++++++++++++++++++++++++-
> include/crypto/public_key.h | 15 ++-
> include/keys/system_keyring.h | 6 +-
> include/linux/key-type.h | 8 ++
> include/linux/key.h | 34 +++---
> include/uapi/linux/keyctl.h | 1 +
> security/keys/compat.c | 4 +
> security/keys/gc.c | 11 ++
> security/keys/internal.h | 5 +
> security/keys/key.c | 46 ++++----
> security/keys/keyctl.c | 58 ++++++++++
> security/keys/keyring.c | 179 +++++++++++++++++++++++++++++--
This breaks the integrity code which also uses keyring restrictions:
../security/integrity/digsig.c:46:30: error: passing argument 7 of 'keyring_alloc' from incompatible pointer type [-Werror=incompatible-pointer-types]
../security/integrity/digsig.c:46:30: note: in definition of macro 'restrict_link_to_ima'
#define restrict_link_to_ima restrict_link_by_builtin_and_secondary_trusted
David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-04-04 7:28 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-30 23:50 [PATCH v13 00/10] Make keyring link restrictions accessible from userspace Mat Martineau
2017-03-30 23:50 ` [PATCH v13 01/10] KEYS: Use a typedef for restrict_link function pointers Mat Martineau
2017-03-30 23:50 ` [PATCH v13 02/10] KEYS: Split role of the keyring pointer for keyring restrict functions Mat Martineau
2017-03-30 23:50 ` [PATCH v13 03/10] KEYS: Add a key restriction struct Mat Martineau
2017-03-30 23:50 ` [PATCH v13 04/10] KEYS: Use structure to capture key restriction function and data Mat Martineau
2017-03-30 23:50 ` [PATCH v13 05/10] KEYS: Add an optional lookup_restriction hook to key_type Mat Martineau
2017-03-30 23:50 ` [PATCH v13 06/10] KEYS: Consistent ordering for __key_link_begin and restrict check Mat Martineau
2017-03-30 23:50 ` [PATCH v13 07/10] KEYS: Add KEYCTL_RESTRICT_KEYRING Mat Martineau
2017-03-30 23:50 ` [PATCH v13 08/10] KEYS: Add a lookup_restriction function for the asymmetric key type Mat Martineau
2017-03-30 23:50 ` [PATCH v13 09/10] KEYS: Restrict asymmetric key linkage using a specific keychain Mat Martineau
2017-03-30 23:50 ` [PATCH v13 10/10] KEYS: Keyring asymmetric key restrict method with chaining Mat Martineau
2017-04-03 15:24 ` [PATCH v13 00/10] Make keyring link restrictions accessible from userspace David Howells
2017-04-03 15:59 ` David Howells
2017-04-03 20:25 ` Mat Martineau
2017-04-03 23:02 ` David Howells
2017-04-04 7:28 ` David Howells [this message]
2017-04-04 7:30 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20172.1491290901@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).