From: Jiri Kosina <jkosina@suse.cz>
To: David Howells <dhowells@redhat.com>,
Rusty Russell <rusty@rustcorp.com.au>,
Jonathan Corbet <corbet@lwn.net>
Cc: linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org
Subject: Re: [PATCH] MODSIGN: /proc/keys is not unconditionally available
Date: Thu, 22 Jan 2015 21:42:58 +0100 (CET) [thread overview]
Message-ID: <alpine.LNX.2.00.1501222142160.10817@pobox.suse.cz> (raw)
In-Reply-To: <alpine.LNX.2.00.1501131555510.4162@pobox.suse.cz>
On Tue, 13 Jan 2015, Jiri Kosina wrote:
> Documentation/module-signing.txt file is referring to /proc/keys file in
> order to view all keys contained in the kernel's keyring. That file is not
> universally avialble when CONFIG_KEYS is enabled, which is confusing. The
> fact that the option needed for this procfs interface to exist contains
> "_DEBUG_" in its name makes it even more confusing. Document this fact.
>
> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Noone complained, but it doesn't seem to have made its way to linux-next
either. I am now pushing it out to trivial.git.
> ---
> Documentation/module-signing.txt | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
> index 09c2382..09be78d 100644
> --- a/Documentation/module-signing.txt
> +++ b/Documentation/module-signing.txt
> @@ -152,6 +152,9 @@ in a keyring called ".system_keyring" that can be seen by:
> 302d2d52 I------ 1 perm 1f010000 0 0 asymmetri Fedora kernel signing key: d69a84e6bce3d216b979e9505b3e3ef9a7118079: X509.RSA a7118079 []
> ...
>
> +CONFIG_KEYS_DEBUG_PROC_KEYS needs to be enabled for the above procfs interface
> +to be available.
> +
> Beyond the public key generated specifically for module signing, any file
> placed in the kernel source root directory or the kernel build root directory
> whose name is suffixed with ".x509" will be assumed to be an X.509 public key
>
> --
> Jiri Kosina
> SUSE Labs
>
--
Jiri Kosina
SUSE Labs
next prev parent reply other threads:[~2015-01-22 20:43 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-13 14:57 [PATCH] MODSIGN: /proc/keys is not unconditionally available Jiri Kosina
2015-01-22 20:42 ` Jiri Kosina [this message]
2015-01-22 22:28 ` David Howells
2015-01-23 10:50 ` Jiri Kosina
2015-01-28 19:12 ` Jonathan Corbet
2015-01-28 19:20 ` David Howells
2015-01-28 19:33 ` Jonathan Corbet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LNX.2.00.1501222142160.10817@pobox.suse.cz \
--to=jkosina@suse.cz \
--cc=corbet@lwn.net \
--cc=dhowells@redhat.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.