Revert "ima: define '_ima' as a builtin 'trusted' keyring"

This reverts commit 217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241, which caused the following build error: security/integrity/digsig.c:70:5: error: redefinition of ‘integrity_init_keyring’ security/integrity/integrity.h:149:12: note: previous definition of ‘integrity_init_keyring’ w security/integrity/integrity.h:149:12: warning: ‘integrity_init_keyring’ defined but not used reported by Krzysztof Kolasa. Mimi says: "I made the classic mistake of requesting this patch to be upstreamed at the last second, rather than waiting until the next open window. At this point, the best course would probably be to revert the two commits and fix them for the next open window" Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl> Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Linus Torvalds <torvalds@linux-foundation.org> 2013-11-23 19:36:35 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-11-23 19:36:35 -0500
commit: 34ef7bd3823bf4401bf8f1f855e1bc77b82b1a43 (patch)
tree: 80b9e7de72353048b5e933d634d64bd14d0eb00c /security/integrity/ima
parent: 26b265cd29dde56bf0901c421eabc7ae815f38c4 (diff)
2 files changed, 0 insertions, 19 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index dad8d4ca2437..81a27971d884 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -123,11 +123,3 @@ config IMA_APPRAISE
          For more information on integrity appraisal refer to:
          <http://linux-ima.sourceforge.net>
          If unsure, say N.
-config IMA_TRUSTED_KEYRING
-        bool "Require all keys on the _ima keyring be signed"
-        depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
-        default y
-        help
-           This option requires that all keys added to the _ima
-           keyring be signed by a key on the system trusted keyring.
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 46353ee517f6..734e9468aca0 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -381,14 +381,3 @@ int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name)
        }
        return result;
 }
-#ifdef CONFIG_IMA_TRUSTED_KEYRING
-static int __init init_ima_keyring(void)
-{
-        int ret;
-        ret = integrity_init_keyring(INTEGRITY_KEYRING_IMA);
-        return 0;
-}
-late_initcall(init_ima_keyring);
-#endif
author	Linus Torvalds <torvalds@linux-foundation.org>	2013-11-23 19:36:35 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-11-23 19:36:35 -0500
commit	34ef7bd3823bf4401bf8f1f855e1bc77b82b1a43 (patch)
tree	80b9e7de72353048b5e933d634d64bd14d0eb00c /security/integrity/ima
parent	26b265cd29dde56bf0901c421eabc7ae815f38c4 (diff)

diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index dad8d4ca2437..81a27971d884 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig
@@ -123,11 +123,3 @@ config IMA_APPRAISE
123	For more information on integrity appraisal refer to:	123	For more information on integrity appraisal refer to:
124	<http://linux-ima.sourceforge.net>	124	<http://linux-ima.sourceforge.net>
125	If unsure, say N.	125	If unsure, say N.
126
127	config IMA_TRUSTED_KEYRING
128	bool "Require all keys on the _ima keyring be signed"
129	depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
130	default y
131	help
132	This option requires that all keys added to the _ima
133	keyring be signed by a key on the system trusted keyring.


diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 46353ee517f6..734e9468aca0 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c
@@ -381,14 +381,3 @@ int ima_inode_removexattr(struct dentry dentry, const char xattr_name)
381	}	381	}
382	return result;	382	return result;
383	}	383	}
384
385	#ifdef CONFIG_IMA_TRUSTED_KEYRING
386	static int __init init_ima_keyring(void)
387	{
388	int ret;
389
390	ret = integrity_init_keyring(INTEGRITY_KEYRING_IMA);
391	return 0;
392	}
393	late_initcall(init_ima_keyring);
394	#endif