summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorBruno Meneguele <bmeneg@redhat.com>2020-09-04 16:41:00 -0300
committerMimi Zohar <zohar@linux.ibm.com>2020-09-09 20:05:28 -0400
commit8c2f516c99f0b7e59c53158f4d7a7fe229c5aea8 (patch)
tree1e1462abc475a71085f209b19e5c296b9778d68e /security
parente4d7e2df3a0903601bf12eb6ef1f0c8fa1042204 (diff)
downloadlinux-8c2f516c99f0b7e59c53158f4d7a7fe229c5aea8.tar.bz2
integrity: include keyring name for unknown key request
Depending on the IMA policy rule a key may be searched for in multiple keyrings (e.g. .ima and .platform) and possibly not found. This patch improves feedback by including the keyring "description" (name) in the error message. Signed-off-by: Bruno Meneguele <bmeneg@redhat.com> [zohar@linux.ibm.com: updated commit message] Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/digsig_asymmetric.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index cfa4127d0518..14de98ef67f6 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -55,8 +55,14 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
}
if (IS_ERR(key)) {
- pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
- name, PTR_ERR(key));
+ if (keyring)
+ pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n",
+ name, keyring->description,
+ PTR_ERR(key));
+ else
+ pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
+ name, PTR_ERR(key));
+
switch (PTR_ERR(key)) {
/* Hide some search errors */
case -EACCES: