From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752090AbcDPUfK (ORCPT ); Sat, 16 Apr 2016 16:35:10 -0400 Received: from mout.kundenserver.de ([212.227.17.24]:53927 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751711AbcDPUfI (ORCPT ); Sat, 16 Apr 2016 16:35:08 -0400 From: Arnd Bergmann To: Mimi Zohar , Dmitry Kasatkin Cc: Arnd Bergmann , James Morris , "Serge E. Hallyn" , Petko Manolov , David Howells , linux-ima-devel@lists.sourceforge.net, linux-ima-user@lists.sourceforge.net, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] IMA: add INTEGRITY_ASYMMETRIC_KEYS dependency Date: Sat, 16 Apr 2016 22:33:54 +0200 Message-Id: <1460838870-1251174-1-git-send-email-arnd@arndb.de> X-Mailer: git-send-email 2.7.0 X-Provags-ID: V03:K0:4xK1ANPWoPUZ+FMtdSwhgVVGnsRv522NrK22JgwOW4w98uK/3yt F29c/M/KvSD9OCajDu6DfXr7lgcpCOd0NVVPYR6VnjSaMFjomc83rhWCVvOtJjtOOiDr55t cWXWj9ovz8O+bYvI9f50MUvV/ALulQ5S+oJeZ1Q4IgdfPLpt5C1/agqS73LNPXXjyptQDrW FDDdFDmgQUL8DQBy7Yh9A== X-UI-Out-Filterresults: notjunk:1;V01:K0:3i1icZfaEJU=:iSQuMQJZjjn54DcEtxp4kN JefcThBOpLQI7q/ca54i2Mia/5DVJAwjeRd3obcXL4+YV2uXXyzQ72634enRtEbx4DgQH2TBm 33PsQ2zHxJZuQRhFIkO6Z85x0P2VKzNVwRqKMTH67ulvcvNI5QE8QdEWa/2UR9EHwQ8YC5BVQ ZNvF50UgBzeY6Rk8wJ84i1tgH6bNsBz1ZgBh7Qj1oNVC3JF+jFpfV/EJCsZe1xxPeC39jHZ9C 8AK0C6koewQnxOsroF6EVZZdw3od5dGS0t/hy4QXCVXer8UD9GSyrUjGGF/z59wFu778+jmzo L6GNcpDTAG4IP5SCiAAyL9iC//101c4DZaYZMcsh899EI380sI37iMVvguxtDb9LKRkGAlhl0 ZY4ggADTwWjvMty4/Gq6hCBhHnOfdW084txFpNVXWcxHe7D40CXWq7XU4WSrOP4bF3MMyOlj3 rmnUwdyNbqgfPQYjLdF8n2chpjjhTXKHel/lC0yN1T5rPgsKIxBEsmqOJWOAwqZD30wLXMxva Zy9890S3hk9KqoBZrOIxTplkMXN/QeseC/HSVWawPOR2K5zbazTD6NNd3WqywdytEaHdK0FoV DxIRTkV6uGJ6d9dQSOXRKogafEAit4tuSbrf6YkJ4+ch0LqKvLxqB5Y7xMR+amxv0TSzcQmdn +H0RyPxdgUZP8Pw7Nx6vU17kaAGBnYll99BVX/fdOWoLAE1Kpp71dbdHaCZCbjll6R/A= Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The newly added CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY option only makes sense in combination with INTEGRITY_ASYMMETRIC_KEYS, otherwise we get a build error: warning: (IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY) selects INTEGRITY_TRUSTED_KEYRING which has unmet direct dependencies (INTEGRITY && SYSTEM_TRUSTED_KEYRING && INTEGRITY_ASYMMETRIC_KEYS) security/integrity/evm/evm_main.c: In function 'evm_load_x509': security/integrity/evm/evm_main.c:494:7: error: implicit declaration of function 'integrity_load_x509' rc = integrity_load_x509(INTEGRITY_KEYRING_EVM, CONFIG_EVM_X509_PATH); This adds a Kconfig dependency. Signed-off-by: Arnd Bergmann Fixes: 9e1bbe8b8992 ("IMA: Use the the system trusted keyrings instead of .ima_mok") --- security/integrity/ima/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index aab9b0a53edf..5487827fa86c 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -159,6 +159,7 @@ config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)" depends on SYSTEM_TRUSTED_KEYRING depends on SECONDARY_TRUSTED_KEYRING + depends on INTEGRITY_ASYMMETRIC_KEYS select INTEGRITY_TRUSTED_KEYRING default n help -- 2.7.0