From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752188AbcDFQrt (ORCPT ); Wed, 6 Apr 2016 12:47:49 -0400 Received: from e28smtp04.in.ibm.com ([125.16.236.4]:34866 "EHLO e28smtp04.in.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751507AbcDFQrr (ORCPT ); Wed, 6 Apr 2016 12:47:47 -0400 X-IBM-Helo: d28relay01.in.ibm.com X-IBM-MailFrom: zohar@linux.vnet.ibm.com X-IBM-RcptTo: linux-kernel@vger.kernel.org;keyrings@vger.kernel.org;linux-security-module@vger.kernel.org Message-ID: <1459961251.3166.21.camel@linux.vnet.ibm.com> Subject: Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3] From: Mimi Zohar To: David Howells Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Date: Wed, 06 Apr 2016 12:47:31 -0400 In-Reply-To: <3191.1459959224@warthog.procyon.org.uk> References: <1459889302.3166.5.camel@linux.vnet.ibm.com> <20160309111814.28811.95697.stgit@warthog.procyon.org.uk> <20160309111939.28811.7952.stgit@warthog.procyon.org.uk> <3191.1459959224@warthog.procyon.org.uk> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.12.11 (3.12.11-1.fc21) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-MML: disable x-cbid: 16040616-0013-0000-0000-00000B7A4A78 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2016-04-06 at 17:13 +0100, David Howells wrote: > Mimi Zohar wrote: > > > FYI, restrict_link_by_ima_mok() allows keys to be added to the IMA > > keyring signed by a key on the .ima_mok keyring, but > > restrict_link_by_builtin_and_secondary_trusted() results in "errno: > > Required key not available (126)". > > Is that fixed by fixing restrict_link_by_builtin_and_secondary_trusted() to > check the right keyring? Yes