summaryrefslogtreecommitdiff
path: root/include/linux/fs.h
diff options
context:
space:
mode:
authorChristoph Hellwig <hch@lst.de>2017-09-10 10:49:45 +0300
committerMimi Zohar <zohar@linux.vnet.ibm.com>2017-11-08 23:16:36 +0300
commita7d3d0392a325d630225b7dbccf2558f944114e5 (patch)
treefa0e65c07ebf6e6df340d6f0ab0b9f2ca62d3acd /include/linux/fs.h
parentf3cc6b25dcc5616f0d5c720009b2ac66f97df2ff (diff)
downloadlinux-a7d3d0392a325d630225b7dbccf2558f944114e5.tar.xz
integrity: use kernel_read_file_from_path() to read x509 certs
The CONFIG_IMA_LOAD_X509 and CONFIG_EVM_LOAD_X509 options permit loading x509 signed certificates onto the trusted keyrings without verifying the x509 certificate file's signature. This patch replaces the call to the integrity_read_file() specific function with the common kernel_read_file_from_path() function. To avoid verifying the file signature, this patch defines READING_X509_CERTFICATE. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'include/linux/fs.h')
-rw-r--r--include/linux/fs.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 339e73742e73..456325084f1d 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2792,6 +2792,7 @@ extern int do_pipe_flags(int *, int);
id(KEXEC_IMAGE, kexec-image) \
id(KEXEC_INITRAMFS, kexec-initramfs) \
id(POLICY, security-policy) \
+ id(X509_CERTIFICATE, x509-certificate) \
id(MAX_ID, )
#define __fid_enumify(ENUM, dummy) READING_ ## ENUM,