>In security/integrity/digsig_asymmetric.c function request_asymmetric_key, >should we >not do a key_ref_put() when the key is found in the ima_blacklist_keyring? I'm >working >with 6.6.9 kernel but have verified it is the same logic in linux-stable >master branch >(top of tree is ecb1b8288dc7ccbdcb3b9df005fa1c0e0c0388a7)
I guess it does not matter, as there doesn't appear to be a function to insert anything into the ima_blacklist_keyring. Seems like we should simply use the system blacklist_keyring, or perhaps the add_key_to_revocation_list function should take a keyring argument.
