KEYS: Make the system 'trusted' keyring viewable by userspace

Give the root user the ability to read the system keyring and put read permission on the trusted keys added during boot. The latter is actually more theoretical than real for the moment as asymmetric keys do not currently provide a read operation. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com>
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2013-08-20 14:36:26 -0400
committer: David Howells <dhowells@redhat.com> 2013-09-25 17:17:01 +0100
commit: af34cb0c3d16b46d88b661692b885d1d998a8ecb (patch)
tree: b6bf8abd1c4c052952a8230c9edb00a66ecf8aec
parent: cd0421dcd0230d3e402ae9c6d012610132c3f078 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index 5296721eca5b..564dd93430a2 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c
@@ -35,7 +35,7 @@ static __init int system_trusted_keyring_init(void)
 		keyring_alloc(".system_keyring",
 			      KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
 			      ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
-			       KEY_USR_VIEW | KEY_USR_READ),
+			      KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
 			      KEY_ALLOC_NOT_IN_QUOTA, NULL);
 	if (IS_ERR(system_trusted_keyring))
 		panic("Can't allocate system trusted keyring\n");
@@ -81,8 +81,8 @@ static __init int load_system_certificate_list(void)
 					   NULL,
 					   p,
 					   plen,
-					   (KEY_POS_ALL & ~KEY_POS_SETATTR) |
-					   KEY_USR_VIEW,
+					   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
+					   KEY_USR_VIEW | KEY_USR_READ),
 					   KEY_ALLOC_NOT_IN_QUOTA |
 					   KEY_ALLOC_TRUSTED);
 		if (IS_ERR(key)) {
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2013-08-20 14:36:26 -0400
committer	David Howells <dhowells@redhat.com>	2013-09-25 17:17:01 +0100
commit	af34cb0c3d16b46d88b661692b885d1d998a8ecb (patch)
tree	b6bf8abd1c4c052952a8230c9edb00a66ecf8aec
parent	cd0421dcd0230d3e402ae9c6d012610132c3f078 (diff)