72e1eed8ab
If IMA_LOAD_X509 is enabled, either directly or indirectly via IMA_APPRAISE_SIGNED_INIT, certificates are loaded onto the IMA trusted keyring by the kernel via key_create_or_update(). When the KEY_ALLOC_TRUSTED flag is provided, certificates are loaded without first verifying the certificate is properly signed by a trusted key on the system keyring. This patch removes the KEY_ALLOC_TRUSTED flag. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Cc: <stable@vger.kernel.org> # 3.19+ Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> |
||
|---|---|---|
| .. | ||
| evm | ||
| ima | ||
| digsig.c | ||
| digsig_asymmetric.c | ||
| iint.c | ||
| integrity.h | ||
| integrity_audit.c | ||
| Kconfig | ||
| Makefile | ||