[PATCH] MODSIGN: /proc/keys is not unconditionally available

[Jiri Kosina]

Documentation/module-signing.txt file is referring to /proc/keys file in 
order to view all keys contained in the kernel's keyring. That file is not 
universally avialble when CONFIG_KEYS is enabled, which is confusing. The 
fact that the option needed for this procfs interface to exist contains 
"_DEBUG_" in its name makes it even more confusing. Document this fact.

Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>
---
 Documentation/module-signing.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
index 09c2382..09be78d 100644
--- a/Documentation/module-signing.txt
+++ b/Documentation/module-signing.txt
@@ -152,6 +152,9 @@ in a keyring called ".system_keyring" that can be seen by:
 	302d2d52 I------     1 perm 1f010000     0     0 asymmetri Fedora kernel signing key: d69a84e6bce3d216b979e9505b3e3ef9a7118079: X509.RSA a7118079 []
 	...
 
+CONFIG_KEYS_DEBUG_PROC_KEYS needs to be enabled for the above procfs interface
+to be available.
+
 Beyond the public key generated specifically for module signing, any file
 placed in the kernel source root directory or the kernel build root directory
 whose name is suffixed with ".x509" will be assumed to be an X.509 public key

-- 
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/