ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
[ Upstream commit be210c6d3597faf330cb9af33b9f1591d7b2a983 ] The removal of IMA_TRUSTED_KEYRING made IMA_LOAD_X509 and IMA_BLACKLIST_KEYRING unavailable because the latter two depend on the former. Since IMA_TRUSTED_KEYRING was deprecated in favor of INTEGRITY_TRUSTED_KEYRING use it as a dependency for the two Kconfigs affected by the deprecation. Fixes: 5087fd9e80e5 ("ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig") Signed-off-by: Oleksandr Tymoshenko <ovt@google.com> Reviewed-by: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
442e50393a
commit
8a1fa738b4
@ -263,7 +263,7 @@ config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
|
|||||||
config IMA_BLACKLIST_KEYRING
|
config IMA_BLACKLIST_KEYRING
|
||||||
bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)"
|
bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)"
|
||||||
depends on SYSTEM_TRUSTED_KEYRING
|
depends on SYSTEM_TRUSTED_KEYRING
|
||||||
depends on IMA_TRUSTED_KEYRING
|
depends on INTEGRITY_TRUSTED_KEYRING
|
||||||
default n
|
default n
|
||||||
help
|
help
|
||||||
This option creates an IMA blacklist keyring, which contains all
|
This option creates an IMA blacklist keyring, which contains all
|
||||||
@ -273,7 +273,7 @@ config IMA_BLACKLIST_KEYRING
|
|||||||
|
|
||||||
config IMA_LOAD_X509
|
config IMA_LOAD_X509
|
||||||
bool "Load X509 certificate onto the '.ima' trusted keyring"
|
bool "Load X509 certificate onto the '.ima' trusted keyring"
|
||||||
depends on IMA_TRUSTED_KEYRING
|
depends on INTEGRITY_TRUSTED_KEYRING
|
||||||
default n
|
default n
|
||||||
help
|
help
|
||||||
File signature verification is based on the public keys
|
File signature verification is based on the public keys
|
||||||
|
Loading…
Reference in New Issue
Block a user