diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-11-23 16:36:35 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-11-23 16:36:35 -0800 |
| commit | 34ef7bd3823bf4401bf8f1f855e1bc77b82b1a43 (patch) | |
| tree | 80b9e7de72353048b5e933d634d64bd14d0eb00c /security/integrity/digsig.c | |
| parent | 26b265cd29dde56bf0901c421eabc7ae815f38c4 (diff) | |
Revert "ima: define '_ima' as a builtin 'trusted' keyring"
This reverts commit 217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241, which
caused the following build error:
security/integrity/digsig.c:70:5: error: redefinition of ‘integrity_init_keyring’
security/integrity/integrity.h:149:12: note: previous definition of ‘integrity_init_keyring’ w
security/integrity/integrity.h:149:12: warning: ‘integrity_init_keyring’ defined but not used
reported by Krzysztof Kolasa. Mimi says:
"I made the classic mistake of requesting this patch to be upstreamed
at the last second, rather than waiting until the next open window.
At this point, the best course would probably be to revert the two
commits and fix them for the next open window"
Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/integrity/digsig.c')
| -rw-r--r-- | security/integrity/digsig.c | 30 |
1 files changed, 1 insertions, 29 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index 77ca965ab684..b4af4ebc5be2 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c @@ -13,9 +13,7 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/err.h> -#include <linux/sched.h> #include <linux/rbtree.h> -#include <linux/cred.h> #include <linux/key-type.h> #include <linux/digsig.h> @@ -23,19 +21,11 @@ static struct key *keyring[INTEGRITY_KEYRING_MAX]; -#ifdef CONFIG_IMA_TRUSTED_KEYRING -static const char *keyring_name[INTEGRITY_KEYRING_MAX] = { - ".evm", - ".module", - ".ima", -}; -#else static const char *keyring_name[INTEGRITY_KEYRING_MAX] = { "_evm", "_module", "_ima", }; -#endif int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, const char *digest, int digestlen) @@ -45,7 +35,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, if (!keyring[id]) { keyring[id] = - request_key(&key_type_keyring, keyring_name[id], NULL); + request_key(&key_type_keyring, keyring_name[id], NULL); if (IS_ERR(keyring[id])) { int err = PTR_ERR(keyring[id]); pr_err("no %s keyring: %d\n", keyring_name[id], err); @@ -66,21 +56,3 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, return -EOPNOTSUPP; } - -int integrity_init_keyring(const unsigned int id) -{ - const struct cred *cred = current_cred(); - const struct user_struct *user = cred->user; - - keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0), - KGIDT_INIT(0), cred, - ((KEY_POS_ALL & ~KEY_POS_SETATTR) | - KEY_USR_VIEW | KEY_USR_READ), - KEY_ALLOC_NOT_IN_QUOTA, user->uid_keyring); - if (!IS_ERR(keyring[id])) - set_bit(KEY_FLAG_TRUSTED_ONLY, &keyring[id]->flags); - else - pr_info("Can't allocate %s keyring (%ld)\n", - keyring_name[id], PTR_ERR(keyring[id])); - return 0; -} |