integrity: include keyring name for unknown key request

Depending on the IMA policy rule a key may be searched for in multiple keyrings (e.g. .ima and .platform) and possibly not found. This patch improves feedback by including the keyring "description" (name) in the error message. Signed-off-by: N Bruno Meneguele <bmeneg@redhat.com> [zohar@linux.ibm.com: updated commit message] Signed-off-by: N Mimi Zohar <zohar@linux.ibm.com>

integrity: include keyring name for unknown key request
Depending on the IMA policy rule a key may be searched for in multiple keyrings (e.g. .ima and .platform) and possibly not found. This patch improves feedback by including the keyring "description" (name) in the error message. Signed-off-by: N Bruno Meneguele <bmeneg@redhat.com> [zohar@linux.ibm.com: updated commit message] Signed-off-by: N Mimi Zohar <zohar@linux.ibm.com>
8c2f516c · Bruno Meneguele · Mimi Zohar · e4d7e2df · 8c2f516c
隐藏空白更改
内联并排

Showing with 8 addition and 2 deletion

security/integrity/digsig_asymmetric.c security/integrity/digsig_asymmetric.c +8 -2

未找到文件。
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -55,8 +55,14 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
 	}

 	if (IS_ERR(key)) {
-		pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
-				   name, PTR_ERR(key));
+		if (keyring)
+			pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n",
+					   name, keyring->description,
+					   PTR_ERR(key));
+		else
+			pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
+					   name, PTR_ERR(key));
+
 		switch (PTR_ERR(key)) {
 			/* Hide some search errors */
 		case -EACCES: