git.kernelconcepts.de Git - karo-tx-linux.git/commit

author	David Howells <dhowells@redhat.com>
	Thu, 7 Apr 2016 08:45:23 +0000 (09:45 +0100)
committer	David Howells <dhowells@redhat.com>
	Mon, 11 Apr 2016 21:49:15 +0000 (22:49 +0100)
commit	56104cf2b8d20eed32c14eac8ac574c35377ab38
tree	7fc12f22e49f9b799c998245f226906db293255e	tree \| snapshot
parent	d3bfe84129f65e0af2450743ebdab33d161d01c9	commit \| diff

IMA: Use the the system trusted keyrings instead of .ima_mok

Add a config option (IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY)
that, when enabled, allows keys to be added to the IMA keyrings by
userspace - with the restriction that each must be signed by a key in the
system trusted keyrings.

EPERM will be returned if this option is disabled, ENOKEY will be returned if
no authoritative key can be found and EKEYREJECTED will be returned if the
signature doesn't match. Other errors such as ENOPKG may also be returned.

If this new option is enabled, the builtin system keyring is searched, as is
the secondary system keyring if that is also enabled. Intermediate keys
between the builtin system keyring and the key being added can be added to
the secondary keyring (which replaces .ima_mok) to form a trust chain -
provided they are also validly signed by a key in one of the trusted keyrings.

The .ima_mok keyring is then removed and the IMA blacklist keyring gets its
own config option (IMA_BLACKLIST_KEYRING).

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

include/keys/system_keyring.h		diff \| blob \| history
security/integrity/digsig.c		diff \| blob \| history
security/integrity/ima/Kconfig		diff \| blob \| history
security/integrity/ima/Makefile		diff \| blob \| history
security/integrity/ima/ima_mok.c		diff \| blob \| history