On Sun, 2015-11-22 at 09:41 -0500, Mimi Zohar wrote:
> On Fri, 2015-11-20 at 11:07 +0000, David Howells wrote:
> >
> > (*) Add Mimi's patches to allow keys/keyrings to be marked undeletable. This
> > is for the purpose of creating blacklists and to prevent people from
> > removing entries in the blacklist. Note that only the kernel can create
> > a blacklist - we don't want userspace generating them as a way to take up
> > kernel space.
> >
> > I think the right way to do this is to not allow marked keys to be
> > unlinked from marked keyrings, but to allow marked keys to be unlinked
> > from ordinary keyrings.
> >
> > The reason the 'keep' mark is required on individual keys is to prevent
> > the keys from being directly revoked, expired or invalidated by keyctl
> > without reference to the keyring. Marked keys that are set expirable
> > when they're created will still expire and be subsequently removed and if
> > a marked key or marked keyring loses all its references it still gets
> > gc'd.
>
> Agreed. I'll fix and re-post soon.

In addition to Petko's 3 patches, the ima-keyrings branch
(git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git)
contains these two patches.

d939a88 IMA: prevent keys on the .ima_blacklist from being removed
77f33b5 KEYS: prevent keys from being removed from specified keyrings

As the IMA patch is dependent on the KEYS patch, do you mind if the KEYS
patch would be upstreamed together with this patch set?

Mimi