Re: [RFC PATCH 18/20] IMA: Use the system blacklist keyring [ver #2]

From: David Howells
Date: Fri Feb 19 2016 - 06:58:47 EST


Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:

> As discussed, "restrict_link_by_system_trusted" is not enough. The
> certificate being added should be in a revoked list as well.

What do you mean be a "revoked list"? There currently isn't such a beast in
IMA. The patches I've proposed should make the functionality available
approximately the same as exists now.

David