Re: [PATCH] IMA: Use the system trusted keyrings instead of .ima_mok (update)

From: Mimi Zohar
Date: Wed Apr 06 2016 - 13:06:58 EST

Next message: Bastien Philbert: "Re: [PATCH] btrfs:Change BUG_ON to new error path in __clear_extent_bit"
Previous message: Zhao Lei: "RE: [PATCH] sched/cpuacct: Check for NULL when using task_pt_regs()"
In reply to: David Howells: "Re: [PATCH] IMA: Use the system trusted keyrings instead of .ima_mok (update)"
Next in thread: David Howells: "Re: [PATCH] IMA: Use the system trusted keyrings instead of .ima_mok (update)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2016-04-06 at 17:24 +0100, David Howells wrote:
> Looking in digsig.c, I see:
>
> #ifdef CONFIG_INTEGRITY_TRUSTED_KEYRING
> static bool init_keyring __initdata = true;
> #else
> static bool init_keyring __initdata;
> #endif
>
> Since this doesn't ever appear to be altered, should integrity_init_keyring()
> just be made conditionally compiled?

I'm not sure what you're asking. If you're asking if the whole file can
be include based on whether this option is enabled, then no.

Mimi

Next message: Bastien Philbert: "Re: [PATCH] btrfs:Change BUG_ON to new error path in __clear_extent_bit"
Previous message: Zhao Lei: "RE: [PATCH] sched/cpuacct: Check for NULL when using task_pt_regs()"
In reply to: David Howells: "Re: [PATCH] IMA: Use the system trusted keyrings instead of .ima_mok (update)"
Next in thread: David Howells: "Re: [PATCH] IMA: Use the system trusted keyrings instead of .ima_mok (update)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]