Revert "ima: define '_ima' as a builtin 'trusted' keyring"

This reverts commit 217091dd7a, which caused the following build error: security/integrity/digsig.c:70:5: error: redefinition of ‘integrity_init_keyring’ security/integrity/integrity.h:149:12: note: previous definition of ‘integrity_init_keyring’ w security/integrity/integrity.h:149:12: warning: ‘integrity_init_keyring’ defined but not used reported by Krzysztof Kolasa. Mimi says: "I made the classic mistake of requesting this patch to be upstreamed at the last second, rather than waiting until the next open window. At this point, the best course would probably be to revert the two commits and fix them for the next open window" Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl> Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-11-23 16:36:35 -08:00
parent 26b265cd29
commit 34ef7bd382
4 changed files with 1 additions and 55 deletions
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -123,11 +123,3 @@ config IMA_APPRAISE
 	  For more information on integrity appraisal refer to:
 	  <http://linux-ima.sourceforge.net>
 	  If unsure, say N.
-
-config IMA_TRUSTED_KEYRING
-	bool "Require all keys on the _ima keyring be signed"
-	depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
-	default y
-	help
-	   This option requires that all keys added to the _ima
-	   keyring be signed by a key on the system trusted keyring.
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -381,14 +381,3 @@ int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name)
 	}
 	return result;
 }
-
-#ifdef CONFIG_IMA_TRUSTED_KEYRING
-static int __init init_ima_keyring(void)
-{
-	int ret;
-
-	ret = integrity_init_keyring(INTEGRITY_KEYRING_IMA);
-	return 0;
-}
-late_initcall(init_ima_keyring);
-#endif