Keys can only be loaded when rootfs is mounted. Initcalls are not suitable for that. Provide a special hook.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@xxxxxxxxxxx>
---
 include/linux/ima.h | 9 +++++++++
 init/main.c | 6 +++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 23a87a4..b617c1a 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -73,4 +73,13 @@ static inline int ima_inode_removexattr(struct dentry *dentry,
 return 0;
 }
 #endif /* CONFIG_IMA_APPRAISE */
+
+#ifdef CONFIG_IMA_APPRAISE_SIGNED_INIT
+extern void __init ima_prepare_keys(void);
+#else
+static inline void ima_prepare_keys(void)
+{
+}
+#endif
+
 #endif /* _LINUX_IMA_H */
diff --git a/init/main.c b/init/main.c
index e8ae1fe..b24cfaa 100644
--- a/init/main.c
+++ b/init/main.c
@@ -78,6 +78,7 @@
 #include <linux/context_tracking.h>
 #include <linux/random.h>
 #include <linux/list.h>
+#include <linux/ima.h>
 #include <asm/io.h>
 #include <asm/bugs.h>
@@ -1028,6 +1029,9 @@ static noinline void __init kernel_init_freeable(void)
 * initmem segments and start the user-mode stuff..
 */
- /* rootfs is available now, try loading default modules */
+ /* rootfs is available now */
+ /* try loading public keys */
+ ima_prepare_keys();
+ /* try loading default modules */
 load_default_modules();
 }
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
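Review bot: `ima_prepare_keys()` is declared `void` in both the real prototype and the empty stub in include/linux/ima.h, so the caller in init/main.c has no way to learn that key loading failed. The definition is not part of this patch, so it should be confirmed that it logs the failure and that appraisal then fails closed rather than continuing without keys. The declaration also carries no comment on when it may be called; something like `/* Load IMA appraisal public keys; called once from kernel_init_freeable() after rootfs is mounted. */` above the `#ifdef` would record the contract. As a style point, `extern` is redundant on a function prototype and could be dropped: `void __init ima_prepare_keys(void);`.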
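Review bot: The `ima_prepare_keys()` call added to kernel_init_freeable() reads key material from the root filesystem before any appraisal key exists, so the key files cannot be protected by the mechanism they enable. The loader is outside this patch; it presumably needs to accept only keys that verify against a key built into the kernel image, and that is worth confirming before the hook is merged. The placement ahead of `load_default_modules()` looks deliberate and the comment should say so, for example `/* rootfs is available now: load IMA public keys before default modules are loaded */` in place of the two stacked one-line comments. The body of kernel_init_freeable() starts outside the hunk, so any earlier access to rootfs cannot be checked from here.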