Commit 8c2f516c authored by Bruno Meneguele's avatar Bruno Meneguele Committed by Mimi Zohar
Browse files

integrity: include keyring name for unknown key request 



Depending on the IMA policy rule a key may be searched for in multiple
keyrings (e.g. .ima and .platform) and possibly not found.  This patch
improves feedback by including the keyring "description" (name) in the
error message.

Signed-off-by: default avatarBruno Meneguele <bmeneg@redhat.com>
[zohar@linux.ibm.com: updated commit message]
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
parent e4d7e2df

security/integrity/digsig_asymmetric.c

+8 −2
Original line number Diff line number Diff line
@@ -55,8 +55,14 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) 
	}



	if (IS_ERR(key)) {

		if (keyring)

			pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n",

					   name, keyring->description,

					   PTR_ERR(key));

		else

			pr_err_ratelimited("Request for unknown key '%s' err %ld\n",

					   name, PTR_ERR(key));



		switch (PTR_ERR(key)) {

			/* Hide some search errors */

		case -EACCES:

CRA Git | Maintained and supported by SUSTech CRA and CCSE