[PATCH] MODSIGN: /proc/keys is not unconditionally available

From: Jiri Kosina
Date: Tue Jan 13 2015 - 09:57:17 EST


Documentation/module-signing.txt file is referring to /proc/keys file in
order to view all keys contained in the kernel's keyring. That file is not
universally avialble when CONFIG_KEYS is enabled, which is confusing. The
fact that the option needed for this procfs interface to exist contains
"_DEBUG_" in its name makes it even more confusing. Document this fact.

Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>
---
Documentation/module-signing.txt | 3 +++
1 file changed, 3 insertions(+)

diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
index 09c2382..09be78d 100644
--- a/Documentation/module-signing.txt
+++ b/Documentation/module-signing.txt
@@ -152,6 +152,9 @@ in a keyring called ".system_keyring" that can be seen by:
302d2d52 I------ 1 perm 1f010000 0 0 asymmetri Fedora kernel signing key: d69a84e6bce3d216b979e9505b3e3ef9a7118079: X509.RSA a7118079 []
...

+CONFIG_KEYS_DEBUG_PROC_KEYS needs to be enabled for the above procfs interface
+to be available.
+
Beyond the public key generated specifically for module signing, any file
placed in the kernel source root directory or the kernel build root directory
whose name is suffixed with ".x509" will be assumed to be an X.509 public key

--
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/