Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]
From: Mimi Zohar
Date: Wed Apr 06 2016 - 12:47:52 EST
On Wed, 2016-04-06 at 17:13 +0100, David Howells wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
>
> > FYI, restrict_link_by_ima_mok() allows keys to be added to the IMA
> > keyring signed by a key on the .ima_mok keyring, but
> > restrict_link_by_builtin_and_secondary_trusted() results in "errno:
> > Required key not available (126)".
>
> Is that fixed by fixing restrict_link_by_builtin_and_secondary_trusted() to
> check the right keyring?
Yes