72e1eed8ab
If IMA_LOAD_X509 is enabled, either directly or indirectly via IMA_APPRAISE_SIGNED_INIT, certificates are loaded onto the IMA trusted keyring by the kernel via key_create_or_update(). When the KEY_ALLOC_TRUSTED flag is provided, certificates are loaded without first verifying the certificate is properly signed by a trusted key on the system keyring. This patch removes the KEY_ALLOC_TRUSTED flag. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Cc: <stable@vger.kernel.org> # 3.19+ Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> |
||
---|---|---|
.. | ||
evm | ||
ima | ||
digsig_asymmetric.c | ||
digsig.c | ||
iint.c | ||
integrity_audit.c | ||
integrity.h | ||
Kconfig | ||
Makefile |