Re: [RFC PATCH 11/12] certs: Add a secondary system keyring that can be added to dynamically [ver #2]

From: Mimi Zohar
Date: Tue Mar 08 2016 - 09:32:29 EST


On Tue, 2016-03-08 at 13:13 +0000, David Howells wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
>
> > but we're left with a lot of references to "system_trusted" (e.g.
> > restrict_link_to_system_trusted, depends on SYSTEM_TRUSTED_KEYRING
>
> How about I pluralise it to SYSTEM_TRUSTED_KEYRINGS? The fact that one is
> called builtin and the other secondary doesn't detract from the fact that
> they're both system-wide rings of trusted keys.

Would then restrict_link_to_system_trusted imply both the builtin and
secondary keyrings or just the builtin keyrings? Changing the system
keyring name to builtin keys, without changing the corresponding
restrict_link name, obfuscates what is really happening.

Mimi