On 12/4/19 3:16 AM, Mimi Zohar wrote: Hi Mimi,
The integrity subsystem, and other concepts upstreamed to support it, are being used by different people/companies in different ways. I know some of the ways, but not all, as how it is being used. For example, Mat Martineau gave an LSS2019-NA talk titled "Using and Implementing Keyring Restrictions for Userspace". I don't know if he would be interested in measuring keys on these restricted userspace keyrings, but before we limit how a new feature works, we should at least look to see if that limitation is really necessary. Mimi
I have updated the patch per your suggestion - if uid is specified in the policy for key measurement, then it is checked against the current user's credential.
Please review the updated patch set (v10). thanks, -lakshmi
