diff options
author | Oleksandr Tymoshenko <ovt@google.com> | 2023-09-21 06:45:05 +0000 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-10-10 21:59:07 +0200 |
commit | 9a103e0b100cc29a584b4568c5db9cba2f414d2c (patch) | |
tree | 6cdee0510b683df290324de58a1e3229f3a500b8 | |
parent | bb6aee0696c6535cb10bc44c1e5620e2f2cd43af (diff) | |
download | linux-stable-9a103e0b100cc29a584b4568c5db9cba2f414d2c.tar.gz linux-stable-9a103e0b100cc29a584b4568c5db9cba2f414d2c.tar.bz2 linux-stable-9a103e0b100cc29a584b4568c5db9cba2f414d2c.zip |
ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
[ Upstream commit be210c6d3597faf330cb9af33b9f1591d7b2a983 ]
The removal of IMA_TRUSTED_KEYRING made IMA_LOAD_X509
and IMA_BLACKLIST_KEYRING unavailable because the latter
two depend on the former. Since IMA_TRUSTED_KEYRING was
deprecated in favor of INTEGRITY_TRUSTED_KEYRING use it
as a dependency for the two Kconfigs affected by the
deprecation.
Fixes: 5087fd9e80e5 ("ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig")
Signed-off-by: Oleksandr Tymoshenko <ovt@google.com>
Reviewed-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-rw-r--r-- | security/integrity/ima/Kconfig | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 7bc416c17211..220026248910 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -268,7 +268,7 @@ config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY config IMA_BLACKLIST_KEYRING bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)" depends on SYSTEM_TRUSTED_KEYRING - depends on IMA_TRUSTED_KEYRING + depends on INTEGRITY_TRUSTED_KEYRING default n help This option creates an IMA blacklist keyring, which contains all @@ -278,7 +278,7 @@ config IMA_BLACKLIST_KEYRING config IMA_LOAD_X509 bool "Load X509 certificate onto the '.ima' trusted keyring" - depends on IMA_TRUSTED_KEYRING + depends on INTEGRITY_TRUSTED_KEYRING default n help File signature verification is based on the public keys |