[PATCH] ima: Allow to import the blacklisted cert signed by secondary CA cert

[Mimi Zohar]

Hi Jia,

On Thu, 2019-08-01 at 09:23 +0800, Jia Zhang wrote:
> Similar to .ima, the cert imported to .ima_blacklist is able to be
> authenticated by a secondary CA cert.
> 
> Signed-off-by: Jia Zhang <zhang.jia at linux.alibaba.com>

The IMA blacklist, which is defined as experimental for a reason, was
upstreamed prior to the system blacklist.  Any reason you're not using
the system blacklist?  Before making this sort of change, I'd like
some input from others.

thanks,

Mimi