From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751305AbbJXJfq (ORCPT <rfc822;w@1wt.eu>);
	Sat, 24 Oct 2015 05:35:46 -0400
Received: from lan.nucleusys.com ([92.247.61.126]:51378 "EHLO
	zztop.nucleusys.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
	with ESMTP id S1750714AbbJXJfn (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Sat, 24 Oct 2015 05:35:43 -0400
Date: Sat, 24 Oct 2015 12:35:49 +0300
From: Petko Manolov <petkan@mip-labs.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
        linux-ima-devel@lists.sourceforge.net,
        linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org,
        Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Subject: Re: [PATCHv3 1/6] integrity: define '.evm' as a builtin 'trusted'
 keyring
Message-ID: <20151024091016.GA10998@localhost>
Mail-Followup-To: Mimi Zohar <zohar@linux.vnet.ibm.com>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
	linux-ima-devel@lists.sourceforge.net,
	linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org,
	Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
References: <cover.1445539084.git.dmitry.kasatkin@huawei.com>
 <f0e136f90bff2f694648f1d6c43549dbd11c6cc5.1445539084.git.dmitry.kasatkin@huawei.com>
 <20151023130450.GL5224@localhost>
 <1445625833.2459.360.camel@linux.vnet.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1445625833.2459.360.camel@linux.vnet.ibm.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Spam-Score: -1.0 (-)
X-Spam-Report: Spam detection software, running on the system "zztop.nucleusys.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  On 15-10-23 14:43:53, Mimi Zohar wrote: > On Fri, 2015-10-23
    at 16:05 +0300, Petko Manolov wrote: > > On 15-10-22 21:49:25, Dmitry Kasatkin
    wrote: > > > > diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
    > > > index df30334..a292b88 100644 > > > --- a/security/integrity/ima/Kconfig
    > > > +++ b/security/integrity/ima/Kconfig > > > @@ -123,14 +123,17 @@ config
    IMA_APPRAISE > > > If unsure, say N. > > > > > > config IMA_TRUSTED_KEYRING
    > > > - bool "Require all keys on the .ima keyring be signed" > > > + bool
    "Require all keys on the .ima keyring be signed (deprecated)" > > > depends
    on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING > > > depends on INTEGRITY_ASYMMETRIC_KEYS
    > > > + select INTEGRITY_TRUSTED_KEYRING > > > default y > > > help > > >
    This option requires that all keys added to the .ima > > > keyring be signed
    by a key on the system trusted keyring. > > > > > > + This option is deprecated
    in favor of INTEGRITY_TRUSTED_KEYRING > > > + > > > config IMA_LOAD_X509
   > > > bool "Load X509 certificate onto the '.ima' trusted keyring" > > > depends
    on IMA_TRUSTED_KEYRING > > > > > > I guess we may as well remove this switch.
    Otherwise somebody have to remember > > to post a patch that does so a few
    kernel releases after this one goes mainline. > > There's no harm in leaving
    the "IMA_TRUSTED_KEYRING" Kconfig option for a > couple of releases (or perhaps
    until it is enabled in a long term release), so > that the INTEGRITY_TRUSTED_KEYRING
    Kconfig option is enabled automatically. [...] 
 Content analysis details:   (-1.0 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
  0.0 TVD_RCVD_IP            Message was received from an IP address
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 15-10-23 14:43:53, Mimi Zohar wrote:
> On Fri, 2015-10-23 at 16:05 +0300, Petko Manolov wrote:
> > On 15-10-22 21:49:25, Dmitry Kasatkin wrote:
> 
> > > diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
> > > index df30334..a292b88 100644
> > > --- a/security/integrity/ima/Kconfig
> > > +++ b/security/integrity/ima/Kconfig
> > > @@ -123,14 +123,17 @@ config IMA_APPRAISE
> > >  	  If unsure, say N.
> > >  
> > >  config IMA_TRUSTED_KEYRING
> > > -	bool "Require all keys on the .ima keyring be signed"
> > > +	bool "Require all keys on the .ima keyring be signed (deprecated)"
> > >  	depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
> > >  	depends on INTEGRITY_ASYMMETRIC_KEYS
> > > +	select INTEGRITY_TRUSTED_KEYRING
> > >  	default y
> > >  	help
> > >  	   This option requires that all keys added to the .ima
> > >  	   keyring be signed by a key on the system trusted keyring.
> > >  
> > > +	   This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING
> > > +
> > >  config IMA_LOAD_X509
> > >  	bool "Load X509 certificate onto the '.ima' trusted keyring"
> > >  	depends on IMA_TRUSTED_KEYRING
> > 
> > 
> > I guess we may as well remove this switch.  Otherwise somebody have to remember 
> > to post a patch that does so a few kernel releases after this one goes mainline.
> 
> There's no harm in leaving the "IMA_TRUSTED_KEYRING" Kconfig option for a 
> couple of releases (or perhaps until it is enabled in a long term release), so 
> that the INTEGRITY_TRUSTED_KEYRING Kconfig option is enabled automatically.

I have no strong opinion either way.  Just saying.  Let it be for the moment.


		Petko