linux/security
Luca Boccassi f40998a8e6 ipe: fallback to platform keyring also if key in trusted keyring is rejected
If enabled, we fallback to the platform keyring if the trusted keyring
doesn't have the key used to sign the ipe policy. But if pkcs7_verify()
rejects the key for other reasons, such as usage restrictions, we do not
fallback. Do so, following the same change in dm-verity.

Signed-off-by: Luca Boccassi <bluca@debian.org>
Suggested-by: Serge Hallyn <serge@hallyn.com>
[FW: fixed some line length issues and a typo in the commit message]
Signed-off-by: Fan Wu <wufan@kernel.org>
2024-10-18 12:14:53 -07:00
..
apparmor move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
bpf
integrity
ipe ipe: fallback to platform keyring also if key in trusted keyring is rejected 2024-10-18 12:14:53 -07:00
keys move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
landlock Landlock updates for v6.12-rc1 2024-09-24 10:40:11 -07:00
loadpin
lockdown
safesetid
selinux bpf-next-6.12-struct-fd 2024-09-24 14:54:26 -07:00
smack lsm/stable-6.12 PR 20240923 2024-09-24 10:18:15 -07:00
tomoyo tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support 2024-10-04 11:41:22 -04:00
yama
commoncap.c
device_cgroup.c
inode.c
Kconfig
Kconfig.hardening hardening: Adjust dependencies in selection of MODVERSIONS 2024-09-28 13:56:03 -07:00
lsm_audit.c
lsm_syscalls.c
Makefile
min_addr.c
security.c bcachefs: do not use PF_MEMALLOC_NORECLAIM 2024-10-09 12:47:18 -07:00