From: Ajo Jose Panoor <ajo.jose.panoor@huawei.com> hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4C9AE CVE: NA ----------------------------------------------------------------- As part of the imans support, a key domain tag is added to the search criteria in digsig module. When IMA Namespace is disabled, the initial ima namespace domain tag should be used instead of nsproxy. Signed-off-by: Ajo Jose Panoor <ajo.jose.panoor@huawei.com> Reviewed-by: Zhang Tianxing <zhangtianxing3@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> --- security/integrity/digsig.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index 2c923dc0dbd3..c866a5c2c9b1 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c @@ -74,8 +74,11 @@ static struct key_tag *domain_tag_from_id(const unsigned int id) return ERR_PTR(-EINVAL); if (id == INTEGRITY_KEYRING_IMA) +#ifdef CONFIG_IMA_NS return current->nsproxy->ima_ns->key_domain; - +#else + return init_ima_ns.key_domain; +#endif return NULL; } -- 2.20.1