From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752964AbcALP5F (ORCPT <rfc822;w@1wt.eu>);
	Tue, 12 Jan 2016 10:57:05 -0500
Received: from mx1.redhat.com ([209.132.183.28]:42150 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752757AbcALP5B (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Tue, 12 Jan 2016 10:57:01 -0500
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley
	Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United
	Kingdom.
	Registered in England and Wales under Company Registration No. 3798903
From: David Howells <dhowells@redhat.com>
In-Reply-To: <1452611828.4776.181.camel@linux.vnet.ibm.com>
References: <1452611828.4776.181.camel@linux.vnet.ibm.com> <1452604893.4776.134.camel@linux.vnet.ibm.com> <1452569755.4776.69.camel@linux.vnet.ibm.com> <88773.1452562139@eng-mail01.juniper.net> <1452470153.2651.60.camel@linux.vnet.ibm.com> <2033.1452447990@warthog.procyon.org.uk> <1452432410.2651.40.camel@linux.vnet.ibm.com> <20160106134525.15633.73582.stgit@warthog.procyon.org.uk> <24185.1452126854@warthog.procyon.org.uk> <1452180676.2890.21.camel@linux.vnet.ibm.com> <alpine.LRH.2.20.1601102135470.6161@namei.org> <3384.1452458018@warthog.procyon.org.uk> <27007.1452559481@warthog.procyon.org.uk> <31702.1452564218@warthog.procyon.org.uk> <31422.1452593319@warthog.procyon.org.uk> <14160.1452606924@warthog.procyon.org.uk>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: dhowells@redhat.com, "Mark D. Baushke" <mdb@juniper.net>,
        James Morris <jmorris@namei.org>,
        Marcel Holtmann <marcel@holtmann.org>, petkan@mip-labs.com,
        linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] X.509: Partially revert patch to add validation against IMA MOK keyring
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <16521.1452614218.1@warthog.procyon.org.uk>
Date: Tue, 12 Jan 2016 15:56:58 +0000
Message-ID: <16522.1452614218@warthog.procyon.org.uk>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:

> > > The name "restrict_link_by_ima_mok()" doesn't reflect that it is either
> > > the system keyring or the IMA MOK keyring.
> > 
> > How about restrict_link_by_ima_trusted()?
> 
> Good.  restrict_link_by_ima_trusted would only check the IMA MOK keyring
> if it was configured.

And the system keyring?

David