• ima: load x509 certificate from the kernel · fd5f4e90
    Dmitry Kasatkin authored
    Define configuration option to load X509 certificate into the
    IMA trusted kernel keyring. It implements ima_load_x509() hook
    to load X509 certificate into the .ima trusted kernel keyring
    from the root filesystem.
    
    Changes in v3:
    * use ima_policy_flag in ima_get_action()
      ima_load_x509 temporarily clears ima_policy_flag to disable
      appraisal to load key. Use it to skip appraisal rules.
    * Key directory path changed to /etc/keys (Mimi)
    * Expand IMA_LOAD_X509 Kconfig help
    
    Changes in v2:
    * added '__init'
    * use ima_policy_flag to disable appraisal to load keys
    Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
    Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
ima_api.c 9.29 KB