    X.509: Partially revert patch to add validation against IMA MOK keyring · aa9eeca6
    David Howells authored
    Partially revert commit 41c89b64:

    	Author: Petko Manolov <petkan@mip-labs.com>
    	Date:   Wed Dec 2 17:47:55 2015 +0200
    	IMA: create machine owner and blacklist keyrings
     
    The problem is that prep->trusted is a simple boolean and the additional
    x509_validate_trust() call doesn't therefore distinguish levels of
    trustedness, but is just OR'd with the result of validation against the
    system trusted keyring.
    
    However, setting the trusted flag means that this key may be added to *any*
    trusted-only keyring - including the system trusted keyring.
    
    Whilst I appreciate what the patch is trying to do, I don't think this is
    quite the right solution.
    Signed-off-by: David Howells <dhowells@redhat.com>
    cc: Petko Manolov <petkan@mip-labs.com>
    cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
    cc: keyrings@vger.kernel.org
x509_public_key.c 9.94 KB
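
The conflation the commit message describes, as a toy user-space model added here; it is not kernel code and not part of the commit. Every type and function name is hypothetical, and the source-aware gate is only one assumed way to distinguish where trust came from, not the approach the kernel took.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy user-space model; every name here is hypothetical, not kernel API. */
enum trust_src { SRC_SYSTEM = 1, SRC_IMA_MOK = 2 };

struct keyring {
    bool trusted_only;        /* accepts only keys marked trusted */
    unsigned accepts;         /* sources honoured by the source-aware gate */
};

struct key_prep {
    bool trusted;             /* the single boolean the message refers to */
    unsigned vouched_by;      /* assumption: remember who vouched for the key */
};

/* Two validations whose results are OR'd into one flag. */
static void validate(struct key_prep *p, bool system_ok, bool mok_ok)
{
    p->vouched_by = (system_ok ? SRC_SYSTEM : 0u) | (mok_ok ? SRC_IMA_MOK : 0u);
    p->trusted = system_ok || mok_ok;
}

/* Boolean gate: a trusted key may join any trusted-only keyring. */
static bool may_link_boolean(const struct keyring *kr, const struct key_prep *p)
{
    return !kr->trusted_only || p->trusted;
}

/* Source-aware gate (assumed alternative): the voucher must match the ring. */
static bool may_link_by_source(const struct keyring *kr, const struct key_prep *p)
{
    return !kr->trusted_only || (p->vouched_by & kr->accepts) != 0;
}

/* A key vouched for only by the IMA MOK keyring, offered to the system ring. */
static bool mok_only_key_joins_system(bool source_aware)
{
    const struct keyring system_ring = { true, SRC_SYSTEM };
    struct key_prep p;
    validate(&p, false, true);
    return source_aware ? may_link_by_source(&system_ring, &p)
                        : may_link_boolean(&system_ring, &p);
}

int main(void)
{
    printf("boolean gate admits MOK-only key: %d\n", mok_only_key_joins_system(false));
    printf("source-aware gate admits it: %d\n", mok_only_key_joins_system(true));
    return 0;
}
```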