[PATCH] MODSIGN: /proc/keys is not unconditionally available

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] MODSIGN: /proc/keys is not unconditionally available
@ 2015-01-13 14:57 Jiri Kosina
  2015-01-22 20:42 ` Jiri Kosina
                   ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Jiri Kosina @ 2015-01-13 14:57 UTC (permalink / raw)
  To: David Howells, Rusty Russell, Jonathan Corbet; +Cc: linux-kernel, linux-doc

Documentation/module-signing.txt file is referring to /proc/keys file in 
order to view all keys contained in the kernel's keyring. That file is not 
universally avialble when CONFIG_KEYS is enabled, which is confusing. The 
fact that the option needed for this procfs interface to exist contains 
"_DEBUG_" in its name makes it even more confusing. Document this fact.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
---
 Documentation/module-signing.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
index 09c2382..09be78d 100644
--- a/Documentation/module-signing.txt
+++ b/Documentation/module-signing.txt
@@ -152,6 +152,9 @@ in a keyring called ".system_keyring" that can be seen by:
 	302d2d52 I------     1 perm 1f010000     0     0 asymmetri Fedora kernel signing key: d69a84e6bce3d216b979e9505b3e3ef9a7118079: X509.RSA a7118079 []
 	...
 
+CONFIG_KEYS_DEBUG_PROC_KEYS needs to be enabled for the above procfs interface
+to be available.
+
 Beyond the public key generated specifically for module signing, any file
 placed in the kernel source root directory or the kernel build root directory
 whose name is suffixed with ".x509" will be assumed to be an X.509 public key

-- 
Jiri Kosina
SUSE Labs

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH] MODSIGN: /proc/keys is not unconditionally available
  2015-01-13 14:57 [PATCH] MODSIGN: /proc/keys is not unconditionally available Jiri Kosina
@ 2015-01-22 20:42 ` Jiri Kosina
  2015-01-22 22:28 ` David Howells
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 7+ messages in thread
From: Jiri Kosina @ 2015-01-22 20:42 UTC (permalink / raw)
  To: David Howells, Rusty Russell, Jonathan Corbet; +Cc: linux-kernel, linux-doc

On Tue, 13 Jan 2015, Jiri Kosina wrote:

> Documentation/module-signing.txt file is referring to /proc/keys file in 
> order to view all keys contained in the kernel's keyring. That file is not 
> universally avialble when CONFIG_KEYS is enabled, which is confusing. The 
> fact that the option needed for this procfs interface to exist contains 
> "_DEBUG_" in its name makes it even more confusing. Document this fact.
> 
> Signed-off-by: Jiri Kosina <jkosina@suse.cz>

Noone complained, but it doesn't seem to have made its way to linux-next 
either. I am now pushing it out to trivial.git.

> ---
>  Documentation/module-signing.txt | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
> index 09c2382..09be78d 100644
> --- a/Documentation/module-signing.txt
> +++ b/Documentation/module-signing.txt
> @@ -152,6 +152,9 @@ in a keyring called ".system_keyring" that can be seen by:
>  	302d2d52 I------     1 perm 1f010000     0     0 asymmetri Fedora kernel signing key: d69a84e6bce3d216b979e9505b3e3ef9a7118079: X509.RSA a7118079 []
>  	...
>  
> +CONFIG_KEYS_DEBUG_PROC_KEYS needs to be enabled for the above procfs interface
> +to be available.
> +
>  Beyond the public key generated specifically for module signing, any file
>  placed in the kernel source root directory or the kernel build root directory
>  whose name is suffixed with ".x509" will be assumed to be an X.509 public key
> 
> -- 
> Jiri Kosina
> SUSE Labs
> 

-- 
Jiri Kosina
SUSE Labs

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] MODSIGN: /proc/keys is not unconditionally available
  2015-01-13 14:57 [PATCH] MODSIGN: /proc/keys is not unconditionally available Jiri Kosina
  2015-01-22 20:42 ` Jiri Kosina
@ 2015-01-22 22:28 ` David Howells
  2015-01-23 10:50   ` Jiri Kosina
  2015-01-28 19:12 ` Jonathan Corbet
  2015-01-28 19:20 ` David Howells
  3 siblings, 1 reply; 7+ messages in thread
From: David Howells @ 2015-01-22 22:28 UTC (permalink / raw)
  To: Jiri Kosina
  Cc: dhowells, Rusty Russell, Jonathan Corbet, linux-kernel, linux-doc

Jiri Kosina <jkosina@suse.cz> wrote:

> > Documentation/module-signing.txt file is referring to /proc/keys file in 
> > order to view all keys contained in the kernel's keyring. That file is not 
> > universally avialble when CONFIG_KEYS is enabled, which is confusing. The 
> > fact that the option needed for this procfs interface to exist contains 
> > "_DEBUG_" in its name makes it even more confusing. Document this fact.
> > 
> > Signed-off-by: Jiri Kosina <jkosina@suse.cz>
> 
> Noone complained, but it doesn't seem to have made its way to linux-next 
> either. I am now pushing it out to trivial.git.

Sorry, I should've dealt with this.  What we actually need to do is make
/proc/keys unconditional as it's used by libkeyutils.

David

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] MODSIGN: /proc/keys is not unconditionally available
  2015-01-22 22:28 ` David Howells
@ 2015-01-23 10:50   ` Jiri Kosina
  0 siblings, 0 replies; 7+ messages in thread
From: Jiri Kosina @ 2015-01-23 10:50 UTC (permalink / raw)
  To: David Howells; +Cc: Rusty Russell, Jonathan Corbet, linux-kernel, linux-doc

On Thu, 22 Jan 2015, David Howells wrote:

> > > Documentation/module-signing.txt file is referring to /proc/keys file in 
> > > order to view all keys contained in the kernel's keyring. That file is not 
> > > universally avialble when CONFIG_KEYS is enabled, which is confusing. The 
> > > fact that the option needed for this procfs interface to exist contains 
> > > "_DEBUG_" in its name makes it even more confusing. Document this fact.
> > > 
> > > Signed-off-by: Jiri Kosina <jkosina@suse.cz>
> > 
> > Noone complained, but it doesn't seem to have made its way to linux-next 
> > either. I am now pushing it out to trivial.git.
> 
> Sorry, I should've dealt with this.  What we actually need to do is make
> /proc/keys unconditional as it's used by libkeyutils.

OK, I am dropping the documentation update. Thanks,

-- 
Jiri Kosina
SUSE Labs

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] MODSIGN: /proc/keys is not unconditionally available
  2015-01-13 14:57 [PATCH] MODSIGN: /proc/keys is not unconditionally available Jiri Kosina
  2015-01-22 20:42 ` Jiri Kosina
  2015-01-22 22:28 ` David Howells
@ 2015-01-28 19:12 ` Jonathan Corbet
  2015-01-28 19:20 ` David Howells
  3 siblings, 0 replies; 7+ messages in thread
From: Jonathan Corbet @ 2015-01-28 19:12 UTC (permalink / raw)
  To: Jiri Kosina; +Cc: David Howells, Rusty Russell, linux-kernel, linux-doc

On Tue, 13 Jan 2015 15:57:10 +0100 (CET)
Jiri Kosina <jkosina@suse.cz> wrote:

> Documentation/module-signing.txt file is referring to /proc/keys file in 
> order to view all keys contained in the kernel's keyring. That file is not 
> universally avialble when CONFIG_KEYS is enabled, which is confusing. The 
> fact that the option needed for this procfs interface to exist contains 
> "_DEBUG_" in its name makes it even more confusing. Document this fact.

Applied to the docs tree, thanks.

jon

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] MODSIGN: /proc/keys is not unconditionally available
  2015-01-13 14:57 [PATCH] MODSIGN: /proc/keys is not unconditionally available Jiri Kosina
                   ` (2 preceding siblings ...)
  2015-01-28 19:12 ` Jonathan Corbet
@ 2015-01-28 19:20 ` David Howells
  2015-01-28 19:33   ` Jonathan Corbet
  3 siblings, 1 reply; 7+ messages in thread
From: David Howells @ 2015-01-28 19:20 UTC (permalink / raw)
  To: Jonathan Corbet
  Cc: dhowells, Jiri Kosina, Rusty Russell, linux-kernel, linux-doc

Jonathan Corbet <corbet@lwn.net> wrote:

> > Documentation/module-signing.txt file is referring to /proc/keys file in 
> > order to view all keys contained in the kernel's keyring. That file is not 
> > universally avialble when CONFIG_KEYS is enabled, which is confusing. The 
> > fact that the option needed for this procfs interface to exist contains 
> > "_DEBUG_" in its name makes it even more confusing. Document this fact.
> 
> Applied to the docs tree, thanks.

Can you unapply it please?  I've put an alternative patch in my set that makes
/proc/keys unconditional and Jiri has dropped this one.

David

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] MODSIGN: /proc/keys is not unconditionally available
  2015-01-28 19:20 ` David Howells
@ 2015-01-28 19:33   ` Jonathan Corbet
  0 siblings, 0 replies; 7+ messages in thread
From: Jonathan Corbet @ 2015-01-28 19:33 UTC (permalink / raw)
  To: David Howells; +Cc: Jiri Kosina, Rusty Russell, linux-kernel, linux-doc

On Wed, 28 Jan 2015 19:20:00 +0000
David Howells <dhowells@redhat.com> wrote:

> > Applied to the docs tree, thanks.  
> 
> Can you unapply it please?  I've put an alternative patch in my set that makes
> /proc/keys unconditional and Jiri has dropped this one.

OK, done.

jon

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2015-01-28 20:54 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-01-13 14:57 [PATCH] MODSIGN: /proc/keys is not unconditionally available Jiri Kosina
2015-01-22 20:42 ` Jiri Kosina
2015-01-22 22:28 ` David Howells
2015-01-23 10:50   ` Jiri Kosina
2015-01-28 19:12 ` Jonathan Corbet
2015-01-28 19:20 ` David Howells
2015-01-28 19:33   ` Jonathan Corbet

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.