From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752242AbcDFRG4 (ORCPT <rfc822;w@1wt.eu>);
	Wed, 6 Apr 2016 13:06:56 -0400
Received: from e23smtp07.au.ibm.com ([202.81.31.140]:50432 "EHLO
	e23smtp07.au.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751476AbcDFRGy (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 6 Apr 2016 13:06:54 -0400
X-IBM-Helo: d23dlp01.au.ibm.com
X-IBM-MailFrom: zohar@linux.vnet.ibm.com
X-IBM-RcptTo: keyrings@vger.kernel.org;linux-kernel@vger.kernel.org;linux-security-module@vger.kernel.org
Message-ID: <1459962349.3166.25.camel@linux.vnet.ibm.com>
Subject: Re: [PATCH] IMA: Use the system trusted keyrings instead of
 .ima_mok (update)
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
        linux-kernel@vger.kernel.org
Date: Wed, 06 Apr 2016 13:05:49 -0400
In-Reply-To: <4392.1459959890@warthog.procyon.org.uk>
References: <1459911605.3166.13.camel@linux.vnet.ibm.com>
	 <4392.1459959890@warthog.procyon.org.uk>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.12.11 (3.12.11-1.fc21) 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-TM-AS-MML: disable
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 16040617-0025-0000-0000-000004345FCA
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2016-04-06 at 17:24 +0100, David Howells wrote:
> Looking in digsig.c, I see:
> 
> 	#ifdef CONFIG_INTEGRITY_TRUSTED_KEYRING
> 	static bool init_keyring __initdata = true;
> 	#else
> 	static bool init_keyring __initdata;
> 	#endif
> 
> Since this doesn't ever appear to be altered, should integrity_init_keyring()
> just be made conditionally compiled?

I'm not sure what you're asking.  If you're asking if the whole file can
be include based on whether this option is enabled, then no.

Mimi