From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] IMA: Use the system trusted keyrings instead of .ima_mok (update)
Date: Wed, 06 Apr 2016 14:50:54 -0400
Message-ID: <1459968654.3166.39.camel@linux.vnet.ibm.com>
In-Reply-To: <10434.1459966209@warthog.procyon.org.uk>

On Wed, 2016-04-06 at 19:10 +0100, David Howells wrote:
> Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
>
> > I'm not sure what you're asking. If you're asking if the whole file can
> > be included based on whether this option is enabled, then no.
>
> No - but integrity_init_keyring() just returns if init_keyring is false - but
> this is a variable and is assigned storage, despite the fact that its value is
> only set at compile time as far as I can see.

Originally userspace created the original IMA and EVM keyrings, while
the dot prefixed trusted keyrings were created by the kernel. The
kernel could just as well create the original underscore prefixed IMA
and EVM keyrings.

Mimi