* [PATCH] MODSIGN: /proc/keys is not unconditionally available
From: Jiri Kosina @ 2015-01-13 14:57 UTC
To: David Howells, Rusty Russell, Jonathan Corbet; +Cc: linux-kernel, linux-doc
Documentation/module-signing.txt file is referring to /proc/keys file in
order to view all keys contained in the kernel's keyring. That file is not
universally available when CONFIG_KEYS is enabled, which is confusing. The
fact that the option needed for this procfs interface to exist contains
"_DEBUG_" in its name makes it even more confusing. Document this fact.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
---
Documentation/module-signing.txt | 3 +++
1 file changed, 3 insertions(+)
diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
index 09c2382..09be78d 100644
--- a/Documentation/module-signing.txt
+++ b/Documentation/module-signing.txt
@@ -152,6 +152,9 @@ in a keyring called ".system_keyring" that can be seen by:
302d2d52 I------ 1 perm 1f010000 0 0 asymmetri Fedora kernel signing key: d69a84e6bce3d216b979e9505b3e3ef9a7118079: X509.RSA a7118079 []
...
+CONFIG_KEYS_DEBUG_PROC_KEYS needs to be enabled for the above procfs interface
+to be available.
+
Beyond the public key generated specifically for module signing, any file
placed in the kernel source root directory or the kernel build root directory
whose name is suffixed with ".x509" will be assumed to be an X.509 public key
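Review bot: the added sentence sits after the sample output, so a reader working through the document tries the command under "that can be seen by:" and finds the file missing before reaching the caveat. Consider moving it ahead of the command, naming /proc/keys explicitly rather than "the above procfs interface", and saying that CONFIG_KEYS alone is not enough, which the commit message notes but the new text does not.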
--
Jiri Kosina
SUSE Labs
* Re: [PATCH] MODSIGN: /proc/keys is not unconditionally available
From: Jiri Kosina @ 2015-01-22 20:42 UTC
To: David Howells, Rusty Russell, Jonathan Corbet; +Cc: linux-kernel, linux-doc
On Tue, 13 Jan 2015, Jiri Kosina wrote:
> Documentation/module-signing.txt file is referring to /proc/keys file in
> order to view all keys contained in the kernel's keyring. That file is not
> universally available when CONFIG_KEYS is enabled, which is confusing. The
> fact that the option needed for this procfs interface to exist contains
> "_DEBUG_" in its name makes it even more confusing. Document this fact.
>
> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
No one complained, but it doesn't seem to have made its way to linux-next
either. I am now pushing it out to trivial.git.
> ---
> Documentation/module-signing.txt | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
> index 09c2382..09be78d 100644
> --- a/Documentation/module-signing.txt
> +++ b/Documentation/module-signing.txt
> @@ -152,6 +152,9 @@ in a keyring called ".system_keyring" that can be seen by:
> 302d2d52 I------ 1 perm 1f010000 0 0 asymmetri Fedora kernel signing key: d69a84e6bce3d216b979e9505b3e3ef9a7118079: X509.RSA a7118079 []
> ...
>
> +CONFIG_KEYS_DEBUG_PROC_KEYS needs to be enabled for the above procfs interface
> +to be available.
> +
> Beyond the public key generated specifically for module signing, any file
> placed in the kernel source root directory or the kernel build root directory
> whose name is suffixed with ".x509" will be assumed to be an X.509 public key
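Review bot: the two added lines do not say what the reader sees when the option is off, nor that an option with "_DEBUG_" in its name is required for a documented step, which is the confusion the commit message sets out to address. A short clause stating that /proc/keys does not exist without CONFIG_KEYS_DEBUG_PROC_KEYS would make the symptom recognisable.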
>
> --
> Jiri Kosina
> SUSE Labs
>
--
Jiri Kosina
SUSE Labs
* Re: [PATCH] MODSIGN: /proc/keys is not unconditionally available
From: David Howells @ 2015-01-22 22:28 UTC
To: Jiri Kosina
Cc: dhowells, Rusty Russell, Jonathan Corbet, linux-kernel, linux-doc
Jiri Kosina <jkosina@suse.cz> wrote:
> > Documentation/module-signing.txt file is referring to /proc/keys file in
> > order to view all keys contained in the kernel's keyring. That file is not
> > universally available when CONFIG_KEYS is enabled, which is confusing. The
> > fact that the option needed for this procfs interface to exist contains
> > "_DEBUG_" in its name makes it even more confusing. Document this fact.
> >
> > Signed-off-by: Jiri Kosina <jkosina@suse.cz>
>
> No one complained, but it doesn't seem to have made its way to linux-next
> either. I am now pushing it out to trivial.git.
Sorry, I should've dealt with this. What we actually need to do is make
/proc/keys unconditional as it's used by libkeyutils.
David
* Re: [PATCH] MODSIGN: /proc/keys is not unconditionally available
From: Jiri Kosina @ 2015-01-23 10:50 UTC
To: David Howells; +Cc: Rusty Russell, Jonathan Corbet, linux-kernel, linux-doc
On Thu, 22 Jan 2015, David Howells wrote:
> > > Documentation/module-signing.txt file is referring to /proc/keys file in
> > > order to view all keys contained in the kernel's keyring. That file is not
> > > universally available when CONFIG_KEYS is enabled, which is confusing. The
> > > fact that the option needed for this procfs interface to exist contains
> > > "_DEBUG_" in its name makes it even more confusing. Document this fact.
> > >
> > > Signed-off-by: Jiri Kosina <jkosina@suse.cz>
> >
> > No one complained, but it doesn't seem to have made its way to linux-next
> > either. I am now pushing it out to trivial.git.
>
> Sorry, I should've dealt with this. What we actually need to do is make
> /proc/keys unconditional as it's used by libkeyutils.
OK, I am dropping the documentation update. Thanks,
--
Jiri Kosina
SUSE Labs
* Re: [PATCH] MODSIGN: /proc/keys is not unconditionally available
From: Jonathan Corbet @ 2015-01-28 19:12 UTC
To: Jiri Kosina; +Cc: David Howells, Rusty Russell, linux-kernel, linux-doc
On Tue, 13 Jan 2015 15:57:10 +0100 (CET)
Jiri Kosina <jkosina@suse.cz> wrote:
> Documentation/module-signing.txt file is referring to /proc/keys file in
> order to view all keys contained in the kernel's keyring. That file is not
> universally available when CONFIG_KEYS is enabled, which is confusing. The
> fact that the option needed for this procfs interface to exist contains
> "_DEBUG_" in its name makes it even more confusing. Document this fact.
Applied to the docs tree, thanks.
jon
* Re: [PATCH] MODSIGN: /proc/keys is not unconditionally available
From: David Howells @ 2015-01-28 19:20 UTC
To: Jonathan Corbet
Cc: dhowells, Jiri Kosina, Rusty Russell, linux-kernel, linux-doc
Jonathan Corbet <corbet@lwn.net> wrote:
> > Documentation/module-signing.txt file is referring to /proc/keys file in
> > order to view all keys contained in the kernel's keyring. That file is not
> > universally available when CONFIG_KEYS is enabled, which is confusing. The
> > fact that the option needed for this procfs interface to exist contains
> > "_DEBUG_" in its name makes it even more confusing. Document this fact.
>
> Applied to the docs tree, thanks.
Can you unapply it please? I've put an alternative patch in my set that makes
/proc/keys unconditional and Jiri has dropped this one.
David
* Re: [PATCH] MODSIGN: /proc/keys is not unconditionally available
From: Jonathan Corbet @ 2015-01-28 19:33 UTC
To: David Howells; +Cc: Jiri Kosina, Rusty Russell, linux-kernel, linux-doc
On Wed, 28 Jan 2015 19:20:00 +0000
David Howells <dhowells@redhat.com> wrote:
> > Applied to the docs tree, thanks.
>
> Can you unapply it please? I've put an alternative patch in my set that makes
> /proc/keys unconditional and Jiri has dropped this one.
OK, done.
jon
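
A check for the situation this thread discusses, as an added example that is not part of the original messages or the kernel tree: it reports whether /proc/keys exists, lists the asymmetric keys when it does, and otherwise looks up CONFIG_KEYS_DEBUG_PROC_KEYS in the running kernel's config. The config locations (/proc/config.gz, /boot/config-<release>), the function names and the second sample line are assumptions.

```python
import gzip
import os
import platform

OPTION = "CONFIG_KEYS_DEBUG_PROC_KEYS"
COLUMNS = ("serial", "flags", "usage", "expiry", "perm", "uid", "gid", "type")
# Constructed sample: line 1 follows the patch context, line 2 is made up.
SAMPLE_PROC_KEYS = """\
302d2d52 I------     1 perm 1f010000     0     0 asymmetri Fedora kernel signing key: d69a84e6bce3d216b979e9505b3e3ef9a7118079: X509.RSA a7118079 []
1a2b3c4d I------     1 perm 1f0b0000     0     0 keyring   .system_keyring: 1
"""

def parse_proc_keys(text):
    """Split each /proc/keys line into eight fixed columns plus a description."""
    keys = []
    for line in text.splitlines():
        parts = line.split(None, 8)
        if len(parts) == 9:  # skip blank or truncated lines
            keys.append(dict(zip(COLUMNS, parts[:8]), description=parts[8]))
    return keys

def option_state(config_text, option=OPTION):
    """Return the option's value (e.g. 'y'), or None if unset or absent."""
    for line in config_text.splitlines():
        if line.startswith(option + "="):
            return line.split("=", 1)[1].strip()
    return None

def read_kernel_config():
    """Read the running kernel's config from the usual places (assumed paths)."""
    for path in ("/proc/config.gz", "/boot/config-" + platform.release()):
        try:
            with (gzip.open if path.endswith(".gz") else open)(path, "rt") as fh:
                return fh.read()
        except OSError:
            continue
    return None

def diagnose(proc_keys_path="/proc/keys"):
    """Return (status, asymmetric keys); explain a missing file via the config."""
    if os.path.exists(proc_keys_path):
        with open(proc_keys_path) as fh:
            keys = parse_proc_keys(fh.read())
        # The type column is truncated in /proc/keys, hence "asymmetri".
        return "present", [k for k in keys if k["type"].startswith("asymmetri")]
    config = read_kernel_config()
    state = "config unreadable" if config is None else option_state(config) or "not set"
    return f"missing ({OPTION}: {state})", []

if __name__ == "__main__":
    print(diagnose())
```

A process only sees the keys it has permission to view, so run the check as root when the goal is to confirm which signing keys the kernel holds.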