Re: [PATCH v8 09/17] KEYS: Rename get_builtin_and_secondary_restriction

[PATCH v8 00/17] Enroll kernel keys thru MOK · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
[PATCH v8 07/17] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 07/17] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca · Darren Kenny <hidden> · 2022-02-14
[PATCH v8 05/17] X.509: Parse Basic Constraints for CA · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 05/17] X.509: Parse Basic Constraints for CA · Jarkko Sakkinen <jarkko@kernel.org> · 2021-11-27
[PATCH v8 06/17] KEYS: CA link restriction · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 06/17] KEYS: CA link restriction · Jarkko Sakkinen <jarkko@kernel.org> · 2021-11-27
[PATCH v8 03/17] integrity: Introduce a Linux keyring called machine · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 03/17] integrity: Introduce a Linux keyring called machine · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-25
Re: [PATCH v8 03/17] integrity: Introduce a Linux keyring called machine · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-29
Re: [PATCH v8 03/17] integrity: Introduce a Linux keyring called machine · Jarkko Sakkinen <jarkko@kernel.org> · 2021-11-27
[PATCH v8 13/17] integrity: store reference to machine keyring · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 13/17] integrity: store reference to machine keyring · Darren Kenny <hidden> · 2022-02-14
[PATCH v8 12/17] KEYS: integrity: change link restriction to trust the machine keyring · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
[PATCH v8 09/17] KEYS: Rename get_builtin_and_secondary_restriction · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 09/17] KEYS: Rename get_builtin_and_secondary_restriction · Jarkko Sakkinen <jarkko@kernel.org> · 2021-11-27
Re: [PATCH v8 09/17] KEYS: Rename get_builtin_and_secondary_restriction · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-30
Re: [PATCH v8 09/17] KEYS: Rename get_builtin_and_secondary_restriction · Jarkko Sakkinen <jarkko@kernel.org> · 2021-12-01
Re: [PATCH v8 09/17] KEYS: Rename get_builtin_and_secondary_restriction · Mimi Zohar <zohar@linux.ibm.com> · 2021-12-01
Re: [PATCH v8 09/17] KEYS: Rename get_builtin_and_secondary_restriction · Jarkko Sakkinen <jarkko@kernel.org> · 2021-12-04
Re: [PATCH v8 09/17] KEYS: Rename get_builtin_and_secondary_restriction · Eric Snowberg <eric.snowberg@oracle.com> · 2021-12-15
Re: [PATCH v8 09/17] KEYS: Rename get_builtin_and_secondary_restriction · Mimi Zohar <zohar@linux.ibm.com> · 2021-12-15
[PATCH v8 11/17] KEYS: Introduce link restriction for machine keys · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 11/17] KEYS: Introduce link restriction for machine keys · Darren Kenny <hidden> · 2022-02-14
[PATCH v8 10/17] KEYS: add a reference to machine keyring · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 10/17] KEYS: add a reference to machine keyring · Darren Kenny <hidden> · 2022-02-14
[PATCH v8 14/17] KEYS: link machine trusted keys to secondary_trusted_keys · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 14/17] KEYS: link machine trusted keys to secondary_trusted_keys · Darren Kenny <hidden> · 2022-02-14
[PATCH v8 02/17] integrity: Fix warning about missing prototypes · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
[PATCH v8 17/17] integrity: Only use machine keyring when uefi_check_trust_mok_keys is true · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 17/17] integrity: Only use machine keyring when uefi_check_trust_mok_keys is true · Darren Kenny <hidden> · 2022-02-14
[PATCH v8 15/17] efi/mokvar: move up init order · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 15/17] efi/mokvar: move up init order · Darren Kenny <hidden> · 2022-02-14
[PATCH v8 04/17] integrity: Do not allow machine keyring updates following init · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 04/17] integrity: Do not allow machine keyring updates following init · Jarkko Sakkinen <jarkko@kernel.org> · 2021-11-27
[PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found · Darren Kenny <hidden> · 2022-02-14
Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found · Morten Linderud <hidden> · 2022-11-10
Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found · Eric Snowberg <eric.snowberg@oracle.com> · 2022-11-10
Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found · Morten Linderud <hidden> · 2022-11-10
Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found · James Bottomley <James.Bottomley@HansenPartnership.com> · 2022-11-10
Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found · Ard Biesheuvel <ardb@kernel.org> · 2022-11-10
Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found · Ard Biesheuvel <ardb@kernel.org> · 2022-11-10
Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found · Morten Linderud <hidden> · 2022-11-10
Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found · James Bottomley <James.Bottomley@HansenPartnership.com> · 2022-11-10
[PATCH v8 08/17] integrity: add new keyring handler for mok keys · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 08/17] integrity: add new keyring handler for mok keys · Jarkko Sakkinen <jarkko@kernel.org> · 2021-11-27
[PATCH v8 01/17] KEYS: Create static version of public_key_verify_signature · Eric Snowberg <eric.snowberg@oracle.com> · 2021-11-24
Re: [PATCH v8 00/17] Enroll kernel keys thru MOK · Jarkko Sakkinen <jarkko@kernel.org> · 2022-02-20

From: Eric Snowberg <eric.snowberg@oracle.com>
Date: 2021-11-30 17:38:58
Also in: keyrings, linux-crypto, linux-integrity, linux-security-module, lkml

On Nov 26, 2021, at 5:49 PM, Jarkko Sakkinen [off-list ref] wrote:

On Tue, 2021-11-23 at 23:41 -0500, Eric Snowberg wrote:

quoted

In preparation for returning either the existing
restrict_link_by_builtin_and_secondary_trusted or the upcoming
restriction that includes the trusted builtin, secondary and
machine keys, to improve clarity, rename
get_builtin_and_secondary_restriction to get_secondary_restriction.

Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
---
v6: Initial version
v7: Unmodified from v7
v8: Code unmodified from v7, added Mimi's Reviewed-by
---
 certs/system_keyring.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 692365dee2bd..8f1f87579819 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c

@@ -77,7 +77,7 @@ int restrict_link_by_builtin_and_secondary_trusted(
  * Allocate a struct key_restriction for the "builtin and secondary trust"
  * keyring. Only for use in system_trusted_keyring_init().
  */
-static __init struct key_restriction *get_builtin_and_secondary_restriction(void)
+static __init struct key_restriction *get_secondary_restriction(void)
 {
        struct key_restriction *restriction;

@@ -117,7 +117,7 @@ static __init int system_trusted_keyring_init(void)
                               KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH |
                               KEY_USR_WRITE),
                              KEY_ALLOC_NOT_IN_QUOTA,
-                             get_builtin_and_secondary_restriction(),
+                             get_secondary_restriction(),
                              NULL);
        if (IS_ERR(secondary_trusted_keys))
                panic("Can't allocate secondary trusted keyring\n");

This is wrong order.

You should first do the changes that make the old name
obsolete and only after that have a patch that does the
rename. Unfortunately, this patch cannot possibly acked
with the current order.

I can change the order, but I'm confused how this would work for a git bisect. 
If the rename happens afterwards, now two patches will always need to be 
reverted instead of the possibility of one.  Is this your expectation?

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help