ima: define '_ima' as a builtin 'trusted' keyring
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Tue, 13 Aug 2013 12:47:43 +0000 (08:47 -0400)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Fri, 1 Nov 2013 00:20:48 +0000 (20:20 -0400)
commit217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241
tree3a8a39da527431153698fc73640db47e8a1bd43a
parentbcbc9b0cf6d8f340a1d166e414f4612b353f7a9b
ima: define '_ima' as a builtin 'trusted' keyring

Require all keys added to the IMA keyring be signed by an
existing trusted key on the system trusted keyring.

Changelog:
- define stub integrity_init_keyring() function (reported-by Fengguang Wu)
- differentiate between regular and trusted keyring names.
- replace printk with pr_info (D. Kasatkin)

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
security/integrity/digsig.c
security/integrity/ima/Kconfig
security/integrity/ima/ima_appraise.c
security/integrity/integrity.h