projects / firefly-linux-kernel-4.4.55.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 65d543b) | patch
ima: load x509 certificate from the kernel
authorDmitry Kasatkin <d.kasatkin@samsung.com>
Wed, 5 Nov 2014 15:01:14 +0000 (17:01 +0200)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Tue, 18 Nov 2014 04:12:00 +0000 (23:12 -0500)
commitfd5f4e9054acbf4f22fac81a358baf3c27aa42ac
tree1f17112d28c5dcf786d7edb3e950c51812d2d28dtree | snapshot
parent65d543b2335ede80e5e66bc4f559f62db5f469bdcommit | diff
ima: load x509 certificate from the kernel

Define configuration option to load X509 certificate into the
IMA trusted kernel keyring. It implements ima_load_x509() hook
to load X509 certificate into the .ima trusted kernel keyring
from the root filesystem.

Changes in v3:
* use ima_policy_flag in ima_get_action()
  ima_load_x509 temporarily clears ima_policy_flag to disable
  appraisal to load key. Use it to skip appraisal rules.
* Key directory path changed to /etc/keys (Mimi)
* Expand IMA_LOAD_X509 Kconfig help

Changes in v2:
* added '__init'
* use ima_policy_flag to disable appraisal to load keys

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
security/integrity/ima/Kconfig diff | blob | history
security/integrity/ima/ima_api.c diff | blob | history
security/integrity/ima/ima_init.c diff | blob | history
security/integrity/integrity.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.