Hi Jia, On Thu, 2019-08-01 at 09:23 +0800, Jia Zhang wrote: > Similar to .ima, the cert imported to .ima_blacklist is able to be > authenticated by a secondary CA cert. > > Signed-off-by: Jia Zhang <zhang.jia@xxxxxxxxxxxxxxxxx> The IMA blacklist, which is defined as experimental for a reason, was upstreamed prior to the system blacklist. Any reason you're not using the system blacklist? Before making this sort of change, I'd like some input from others. thanks, Mimi
