[PATCH v5 04/12] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca
Mimi Zohar
zohar at linux.ibm.com
Thu Sep 9 18:19:38 UTC 2021
On Thu, 2021-09-09 at 11:53 -0600, Eric Snowberg wrote:
> > On Sep 9, 2021, at 11:25 AM, Mimi Zohar <zohar at linux.ibm.com> wrote:
> >
> > On Tue, 2021-09-07 at 12:01 -0400, Eric Snowberg wrote:
> >> Set the restriction check for INTEGRITY_KEYRING_MACHINE keys to
> >> restrict_link_by_ca. This will only allow CA keys into the machine
> >> keyring.
> >>
> >> Signed-off-by: Eric Snowberg <eric.snowberg at oracle.com>
> >
> > Normally the new function, in this case the restriction, and usage
> > should be defined together. Any reason why 3/12 and 4/12 are two
> > separate patches?
>
> I split them since they cross subsystems.
That makes sense.
thanks,
Mimi
More information about the Linux-security-module-archive
mailing list