summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOleksandr Tymoshenko <ovt@google.com>2023-09-21 06:45:05 +0000
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2023-10-10 21:59:07 +0200
commit9a103e0b100cc29a584b4568c5db9cba2f414d2c (patch)
tree6cdee0510b683df290324de58a1e3229f3a500b8
parentbb6aee0696c6535cb10bc44c1e5620e2f2cd43af (diff)
downloadlinux-stable-9a103e0b100cc29a584b4568c5db9cba2f414d2c.tar.gz
linux-stable-9a103e0b100cc29a584b4568c5db9cba2f414d2c.tar.bz2
linux-stable-9a103e0b100cc29a584b4568c5db9cba2f414d2c.zip
ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
[ Upstream commit be210c6d3597faf330cb9af33b9f1591d7b2a983 ] The removal of IMA_TRUSTED_KEYRING made IMA_LOAD_X509 and IMA_BLACKLIST_KEYRING unavailable because the latter two depend on the former. Since IMA_TRUSTED_KEYRING was deprecated in favor of INTEGRITY_TRUSTED_KEYRING use it as a dependency for the two Kconfigs affected by the deprecation. Fixes: 5087fd9e80e5 ("ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig") Signed-off-by: Oleksandr Tymoshenko <ovt@google.com> Reviewed-by: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
-rw-r--r--security/integrity/ima/Kconfig4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 7bc416c17211..220026248910 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -268,7 +268,7 @@ config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
config IMA_BLACKLIST_KEYRING
bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)"
depends on SYSTEM_TRUSTED_KEYRING
- depends on IMA_TRUSTED_KEYRING
+ depends on INTEGRITY_TRUSTED_KEYRING
default n
help
This option creates an IMA blacklist keyring, which contains all
@@ -278,7 +278,7 @@ config IMA_BLACKLIST_KEYRING
config IMA_LOAD_X509
bool "Load X509 certificate onto the '.ima' trusted keyring"
- depends on IMA_TRUSTED_KEYRING
+ depends on INTEGRITY_TRUSTED_KEYRING
default n
help
File signature verification is based on the public keys