Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]
From: David Howells
Date: Wed Apr 06 2016 - 12:14:12 EST
Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> FYI, restrict_link_by_ima_mok() allows keys to be added to the IMA
> keyring signed by a key on the .ima_mok keyring, but
> restrict_link_by_builtin_and_secondary_trusted() results in "errno:
> Required key not available (126)".
Is that fixed by fixing restrict_link_by_builtin_and_secondary_trusted() to
check the right keyring?
David