KEYS: Make the system 'trusted' keyring viewable by userspace Give the root user the ability to read the system keyring and put read permission on the trusted keys added during boot. The latter is actually more theoretical than real for the moment as asymmetric keys do not currently provide a read operation. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com>

commit: af34cb0c3d16b46d88b661692b885d1d998a8ecb [log] [tgz]
author: Mimi Zohar <zohar@linux.vnet.ibm.com> Tue Aug 20 14:36:26 2013 -0400
committer: David Howells <dhowells@redhat.com> Wed Sep 25 17:17:01 2013 +0100
tree: b6bf8abd1c4c052952a8230c9edb00a66ecf8aec
parent: cd0421dcd0230d3e402ae9c6d012610132c3f078 [diff] [blame]
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index 5296721..564dd93 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c

@@ -35,7 +35,7 @@
 		keyring_alloc(".system_keyring",
 			      KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
 			      ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
-			       KEY_USR_VIEW | KEY_USR_READ),
+			      KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
 			      KEY_ALLOC_NOT_IN_QUOTA, NULL);
 	if (IS_ERR(system_trusted_keyring))
 		panic("Can't allocate system trusted keyring\n");
@@ -81,8 +81,8 @@
 					   NULL,
 					   p,
 					   plen,
-					   (KEY_POS_ALL & ~KEY_POS_SETATTR) |
-					   KEY_USR_VIEW,
+					   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
+					   KEY_USR_VIEW | KEY_USR_READ),
 					   KEY_ALLOC_NOT_IN_QUOTA |
 					   KEY_ALLOC_TRUSTED);
 		if (IS_ERR(key)) {
commit	af34cb0c3d16b46d88b661692b885d1d998a8ecb	[log] [tgz]
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	Tue Aug 20 14:36:26 2013 -0400
committer	David Howells <dhowells@redhat.com>	Wed Sep 25 17:17:01 2013 +0100
tree	b6bf8abd1c4c052952a8230c9edb00a66ecf8aec
parent	cd0421dcd0230d3e402ae9c6d012610132c3f078 [diff] [blame]