Message ID | 20230302164652.83571-1-eric.snowberg@oracle.com (mailing list archive) |
---|---|
Headers | show
Return-Path: <keyrings-owner@vger.kernel.org> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF029C7EE43 for <keyrings@archiver.kernel.org>; Thu, 2 Mar 2023 16:47:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230165AbjCBQrr (ORCPT <rfc822;keyrings@archiver.kernel.org>); Thu, 2 Mar 2023 11:47:47 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56046 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230057AbjCBQri (ORCPT <rfc822;keyrings@vger.kernel.org>); Thu, 2 Mar 2023 11:47:38 -0500 Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8CB6E5650F; Thu, 2 Mar 2023 08:47:30 -0800 (PST) Received: from pps.filterd (m0246627.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 322FCWUq005684; Thu, 2 Mar 2023 16:46:51 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : content-transfer-encoding : content-type : mime-version; s=corp-2022-7-12; bh=b69PoULkFOQ2xhN5a0O35QRgDeSDedJTt3nH58xgAF0=; b=sghgpMS7MDLvxAuaG3u9zimvisFi2guexMCFpcbfzhlyTtljHMV5670tGa1DjgAsi/pF yWiaTiFz8++yGecdlihqN16vWw3P+dyHDLOvZUcEz4OTw2+6mPsSSyjJcm6TZX210vUZ eQT9Pn1uC2NDpzbhr9K+ugMBNbHLPMBdKyc83dbbW7f9L0hpHy3gIAaEXw1OQ6u29Uab G4m7z0OvKFVT72NHhsbcGgbwmjgDvHaCiQll6CncTAdBPfNI3HSjLKXtGjbzQbl5DTp1 L1O8W6OFFks/1Adh6uWak3N0mqFCUyezXO7J33nFS0EqK0QX67bARV0eu446ftPFf2KB fg== Received: from phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta03.appoci.oracle.com [138.1.37.129]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3nyb9amd6r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 02 Mar 2023 16:46:51 +0000 Received: from pps.filterd (phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.5/8.17.1.5) with ESMTP id 322FWT1V002175; Thu, 2 Mar 2023 16:46:50 GMT Received: from nam12-bn8-obe.outbound.protection.outlook.com (mail-bn8nam12lp2174.outbound.protection.outlook.com [104.47.55.174]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3ny8sa1vy4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 02 Mar 2023 16:46:50 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ebVEuZb3Nh3mFWZe3VKPCUHW0pF3DTOIFCOd8S1YjARmESEBOPRwKsS4mb1dxvGMsLj+yfHZuHq9Y3JTmOWVxWY2j97kZ/YTFpRNqyS5s+YMr5cyXmF4QCj7hZcuIW0ZsffATjg44+/q9x/BRDQsCsVt1eFSKekkIpLqb4WYV/aMULqGlWA/7rVEmPLcFFvCuwoMQpdun6NynYEJJ5H9huLKKFTMtaVV5O9P8GHuEY0zUEosHPP0NNJ1o0gYNdC09va9r+B89ZcWgT8dBKDn0Dmh7QteZxJ7l4GEi6AfMNOfGXevPYXwvDeq0tii4i/eao6sMB7mpoCD8wc9gIJwCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=b69PoULkFOQ2xhN5a0O35QRgDeSDedJTt3nH58xgAF0=; b=O9+Mg8jwqsWLCn9EfLHcOyDcqXVPjAYxR7UIhUJCRQGT8lHPykJbIG0ZB48Ojofmey8ooX05gLfuOSEJnhUoxJZIAYWhJ2w1iiMSL//h/p+UAbMSaLlNqrCw/H/IPGwVyJI0Sx34tHxC4jTYo/4X4g0fyHc3G1sUmA2ZRoy+KIqBUW1mt3bDJoiewlAzuxgdkieXPz+tQBpuN1V2QcRQBGKRIFJZ5BcSNG0Pv1Q1x9mYNiyi+x0YQ20OxmwMO32mmvQmbK2UkjtC+uPg9nKqBp0Evwhhe1lrA5QU1fYSsJ/JcsA4egmI1hIVgFpaZj+UyYTOVr+pmQanoJpduwXBdw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=b69PoULkFOQ2xhN5a0O35QRgDeSDedJTt3nH58xgAF0=; b=MsU9Rs9MBPZEyV4+dX+39tvmiJlCeTNXF7zYRs7P8J0pi5Ii6Dmg+QV8GCHbnrl8Wa80XTa4VYrZO/0ZuWzS2p9N1QJJqULyk+X5zlltizjs3PpzMd9y+QOJiBgLyd00rutsdE8CbBx8Sn2s1cQnkfufaFh5LwUT7rfkadA5f5E= Received: from CH2PR10MB4150.namprd10.prod.outlook.com (2603:10b6:610:ac::13) by DS7PR10MB5150.namprd10.prod.outlook.com (2603:10b6:5:3a1::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6156.19; Thu, 2 Mar 2023 16:46:47 +0000 Received: from CH2PR10MB4150.namprd10.prod.outlook.com ([fe80::a326:1794:402f:1adb]) by CH2PR10MB4150.namprd10.prod.outlook.com ([fe80::a326:1794:402f:1adb%3]) with mapi id 15.20.6156.019; Thu, 2 Mar 2023 16:46:47 +0000 From: Eric Snowberg <eric.snowberg@oracle.com> To: jarkko@kernel.org, zohar@linux.ibm.com, dhowells@redhat.com, dwmw2@infradead.org Cc: herbert@gondor.apana.org.au, davem@davemloft.net, dmitry.kasatkin@gmail.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, pvorel@suse.cz, eric.snowberg@oracle.com, kanth.ghatraju@oracle.com, konrad.wilk@oracle.com, erpalmer@linux.vnet.ibm.com, coxu@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH v5 0/6] Add CA enforcement keyring restrictions Date: Thu, 2 Mar 2023 11:46:46 -0500 Message-Id: <20230302164652.83571-1-eric.snowberg@oracle.com> X-Mailer: git-send-email 2.27.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: BYAPR08CA0049.namprd08.prod.outlook.com (2603:10b6:a03:117::26) To CH2PR10MB4150.namprd10.prod.outlook.com (2603:10b6:610:ac::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PR10MB4150:EE_|DS7PR10MB5150:EE_ X-MS-Office365-Filtering-Correlation-Id: 109bb9f7-49de-4270-af6f-08db1b3db6b2 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: tglan04l1QMq9imzz3Ae692N9Xf02NxJPwe0f1BqqcTZTR2eFrPZalgC098QcF1A16I8phrc/jAAzZ5PlSua+pzyei2FWQ9/NJbu8rIK52zbxrkvSU6wGsvLMY1WaX/TlPkI1FJrFokSkImYsw61FYJibIWZLaAQ64UuqlGT4zzJOuaO/9EgGktRKVQhxfvWQkWLCKFff/RaR4c3o4S5ZrleUWd7YAEo/vre3ddenr2zIOQbT17AH/01gar4pK6KyOn3dnmMkSHPrXZdc68/7XBSSx2U2AmOTuQgIvx1hubSvIrnIm402QYaZ6cEgJrGfu0opr0/jI4XIl1IpsiezNLSWoRY469seWAJthtDQ0EXwDVeAt6Gd707/yiz02Acdm61B8y2EZNIQyoXs8Y3Z06XlQNnkxZclO59YfimvASkjPQGbXiIZ9D/dYTGCcsbXxG4d7AF8QTWmOp/hrXXS0jZzaP2o+atYIr4bnC3A9Lgg0bz390qoTY/Hy7Xq/z+6o1x33OgyV0Ezy/UI9s1oHkgua/zbluhgDAiRa4h1Zg0fjeqXfizODuTvvVJn2NGw45SOHnjTflMmMZX+RQCnhTX/hF2+Jy5uL3Cs4VDYY7bRvEbQsugBbfTvRfTkdL8aqBDksMEFEmHaI81lR1NDg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH2PR10MB4150.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(39860400002)(396003)(136003)(346002)(376002)(366004)(451199018)(36756003)(86362001)(8676002)(41300700001)(66556008)(66476007)(5660300002)(7416002)(8936002)(4326008)(2906002)(44832011)(38100700002)(6486002)(316002)(478600001)(66946007)(83380400001)(6512007)(1076003)(6506007)(2616005)(186003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 8zj2x0Kcda0W5UdZmYYi4VS52K6o4i2Bnuqexa5Ie3JRKHla8CeyrkLxQsdUz6FSry4o/XjwIi+VJtpKv+KStxxaMy5U2HKSKtPcuOrTxtVB5HNW+8PR5X5xgC9ODkn72jOWYqFd25gY5+MamJ4+6dOo/3T++tr2MYAxKsVK/cvdZLyJfjkssqOsqQiCRI/vi72a6Vbk9lcGczpTlEhRgpVEkkCTF7xTTatdrghUpzu+K6gHDhzJtg5n3LXmCxB7oji3dH8LI7H/b7FqtIAopQLINoT3i7EQY4vx61bYv8gjP6E7hnVQQ37ApQx4R7HGNEtsvLOVdJPRMW3+Q5n2ukAbTbNeguG2Vq3vKgHsJv5SG5mf2i+ohlX++GSTfXm09FlkfcfysxUofGabCfi9mN7JFHk6ymPJ2YM3TusrrSDPXqv9Yb6H04uK97YtP6ENWiY8fWkAXSAlVh6ejuuHjwfKd1j9E+gQYgq6xVqhuwjJiCdcApMTrdhjtGSyd/KZFCyu3Ma9a6eSeqLR3KPy62OG63V+FHBWh/nhKmjrssZOkU2pJm4jiGRx06aBi+IkfJGbwkd6KqTKf4+4yL2xTnson5Z2TF0dYpKI2Von6xHc+ZVXAQg6bD78fFtzexPd/cPlX1mQ0pmTjCZDIWM18lxGIUFAWUHE+dBiAPaS19nR03VuGdZufm7wuB6XR/kvRm+3TnI5SRXidNhxYQZOU86tx0fpqfurNtAnC++QZZwzdvxwLS5WpBBCSubXZZPZJeew6qNuISYcul5UBy1j2K0ENPtI9tvsFejOw5+kZ1FJb5BVzgfqCKz506mXWZsG3XnENMGyTDaTRTD/KoI4YHxksms656iXyB8xItTqjPFDgcH51Js5fvClDJFiCtFDpKyzpZ04wSGZkkewkL2H7kJBELpQwD2yITEOIUPyyWF/kYfqLoAs0WkF2wmK5GWVmRPx/zakM2BitTjUfAE2sV4ADlPqmkEsyyjbkycWHfuwpfBAbKGRY64Nv0YR7i9ToWfHq/xKiru5ADm4QxgV1KA3gA/ZvuW+7nobxdnMeprVjlSNj7U0UYg452+rnsKMXzoYksCeXtw1A7MMzWHY95giurIKMAp719ie4SZrOjzV39ai6OEHmbwCegTZMHGfNlMJ3QZjCyDZ6wgvZ6a3/aTcRfFmHO+UwOxfyCOwUDM0zKR0LVVPkoiWmihar6KmXJgnnBrg2o4mcLKV47rpaJ+CdZmKNkQJWeEoEa4ndWm2JNqynh3/SJ59eDoFSjU7rbptk13L6Rg/nq3kJZ05QNE0abgDgRxLfC6aDUx140PkkZeg9O0hUq0T8rEjfdNpstSJr+8ro87rw6ybfSY1L3jJyQWNsmnmg6x8BccNCznWHGxE306QeIqO9Am4fkoKsCt7QCSfqUz22RwrdpH8DOd4TbCKDWzp1VOuhl+otpLWbhuBwOdaap0foi1Maf2SAufLD/1cGiqfgecoghHd0vsgF0K+3M83jWQWFgmOqA0xx1q3AycowzYcubKzcVbmzltltdV6j0giplGvIHLtHpTs79szYu65JuSUi6l4JCeZaS6e8ZQvsXauv6Qjf/b/mWGviGP2tsJbpwySyrkBvzgril5b7rQkjHr8N0D3iRA= X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: Bagqvo+Lg+L8kSJ60aZ8LDHMduCxpl1v9ktUW6Wciej37cMqRkJdLcbhaV7fbpEsNDXfYmvBE1Y6/flS5fobX60aFINnRsPA6c9eLvPBjqqT8ntAxLUOmeXYCO+qJF6h9+FX49Kxn7dsQgP6cgbeE+LjT6Ta08y8bLQPmSyDUHMPtrdXp1+aNZvwxqeqy/h8lXRO+zYPGKzerfi87EuPvfctt/vchCLyUMWAiakX45xqhWrXCnBDv6mfTumYDCTVK49+JKKFALjeqwRV2cWvW3LZqXSJJWDHGZwPoM2nUhoqv3QjQT86YydwTnh0Q/PMiitrEiAbQtW/lIiGXiHZiGf6lgoPmun4bQM+1pyjYNf4zewFl89IUDsWeFqKqOHqwpx6da5C+2w87F7ssG+IYgBEmlwVHdutLbcrTzM6/Xg8NY3b+8stXC86VG+FGiQzusgw95RYUofnyIAnPEi2iAreIeJjJN2JVzmlL7DklyKgNiEs09OjvxAhrZxXqjYhioqmO7tFwHFvsBJjUwNFRrAeMaXjmY7j3mdkCWF3pb8pWZPLepMnh2SGEz9cY/bje5rmuxESURZTrUHuCi1ceW5U3vQ/lpHzvhCi9tJG/vxDJqA9s2XAFM+ITxO026tC39Zo2uU9GW/O12+0MamaJY3lzuOf0BI3/FJWFU73Q8f2D60Zd69y0FXb0Kw7va3Pv0JAYLNBNvqGe9Yy47s3X9QDz0gJi5vCG7nmbITJhyH73W9pplfVsaNEoIrnUr3+vzXDCd9dYhpjcYP5bwLMVF1CfWayvIZf7u3wDvQ3m94y5Pl9mWWyPCc6u5tzm+hqh+usImwNlJnkAr0HB4IsUE0b4qWqC4g5xCA2KVUwZMAT1kI7jCixGOhkRspBB1GtZhfALhxAUbAEGsh7gRKJboqT3CgQ7qcIv9Vo/qda2Ypt3xfkMXIZhBG689V+0bEXstjS+YFRqVxw4eOK8woga8iEypC/0ECNnyGCPDmUs9vBDPcjwyASPTu/7Yy8ri4JGnSfuNEG0uqNYwiFaUZ7uTgmQ+nNMJyBOvYtPrxQj/nP0TsgnUyqcG3lJTa8i43m93O4gVZSxqViIzelZs9ZrD6BFeYcKOinbzn4ExRaCsJ56qWVYTo9tw8q3LvmGwTgIWxoHBH/B7WtBAHxE6kVio8OJ8jiKqoqqGcfdVNgLts= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 109bb9f7-49de-4270-af6f-08db1b3db6b2 X-MS-Exchange-CrossTenant-AuthSource: CH2PR10MB4150.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Mar 2023 16:46:47.7187 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: bE+MJ6MtQcq0sVJrP5KSqklB/xXoxEty1nlTzQdNSMerLpxVGV+/JM6YIgihPLPukau7gS2rB1HUP1yI+pcS4XPhWCBn+23Kv7abOHIJUmc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR10MB5150 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-02_10,2023-03-02_02,2023-02-09_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 bulkscore=0 malwarescore=0 mlxlogscore=982 phishscore=0 spamscore=0 adultscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2303020146 X-Proofpoint-GUID: DzxRYldGYFSVbyE3vI4ft4b4kUeWXwUK X-Proofpoint-ORIG-GUID: DzxRYldGYFSVbyE3vI4ft4b4kUeWXwUK Precedence: bulk List-ID: <keyrings.vger.kernel.org> X-Mailing-List: keyrings@vger.kernel.org |
Series |
Add CA enforcement keyring restrictions
|
expand
|