projects / deliverable / linux.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
KEYS: Add a facility to restrict new links into a keyring
[deliverable/linux.git] / security / integrity / ima / ima_mok.c
diff --git a/security/integrity/ima/ima_mok.c b/security/integrity/ima/ima_mok.c
index 676885e4320e4314d6003490645bd74d256ebf92..ef91248cb9347d755a6da62acc042feb29e0c30c 100644 (file)
--- a/security/integrity/ima/ima_mok.c
+++ b/security/integrity/ima/ima_mok.c
@@ -35,20 +35,20 @@ __init int ima_mok_init(void)
                              (KEY_POS_ALL & ~KEY_POS_SETATTR) |
                              KEY_USR_VIEW | KEY_USR_READ |
                              KEY_USR_WRITE | KEY_USR_SEARCH,
-                             KEY_ALLOC_NOT_IN_QUOTA, NULL);
+                             KEY_ALLOC_NOT_IN_QUOTA,
+                             keyring_restrict_trusted_only, NULL);
 
        ima_blacklist_keyring = keyring_alloc(".ima_blacklist",
                                KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
                                (KEY_POS_ALL & ~KEY_POS_SETATTR) |
                                KEY_USR_VIEW | KEY_USR_READ |
                                KEY_USR_WRITE | KEY_USR_SEARCH,
-                               KEY_ALLOC_NOT_IN_QUOTA, NULL);
+                               KEY_ALLOC_NOT_IN_QUOTA,
+                               keyring_restrict_trusted_only, NULL);
 
        if (IS_ERR(ima_mok_keyring) || IS_ERR(ima_blacklist_keyring))
                panic("Can't allocate IMA MOK or blacklist keyrings.");
-       set_bit(KEY_FLAG_TRUSTED_ONLY, &ima_mok_keyring->flags);
 
-       set_bit(KEY_FLAG_TRUSTED_ONLY, &ima_blacklist_keyring->flags);
        set_bit(KEY_FLAG_KEEP, &ima_blacklist_keyring->flags);
        return 0;
 }
Linux kernel - Deliverables
This page took 0.025797 seconds and 5 git commands to generate.