Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit af34cb0c authored by Mimi Zohar's avatar Mimi Zohar Committed by David Howells
Browse files

KEYS: Make the system 'trusted' keyring viewable by userspace 



Give the root user the ability to read the system keyring and put read
permission on the trusted keys added during boot.  The latter is actually more
theoretical than real for the moment as asymmetric keys do not currently
provide a read operation.

Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
parent cd0421dc

kernel/system_keyring.c

+3 −3
Original line number Diff line number Diff line
@@ -35,7 +35,7 @@ static __init int system_trusted_keyring_init(void) 
		keyring_alloc(".system_keyring",

			      KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),

			      ((KEY_POS_ALL & ~KEY_POS_SETATTR) |

			       KEY_USR_VIEW | KEY_USR_READ),

			      KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),

			      KEY_ALLOC_NOT_IN_QUOTA, NULL);

	if (IS_ERR(system_trusted_keyring))

		panic("Can't allocate system trusted keyring\n");
@@ -81,8 +81,8 @@ static __init int load_system_certificate_list(void) 
					   NULL,

					   p,

					   plen,

					   (KEY_POS_ALL & ~KEY_POS_SETATTR) |

					   KEY_USR_VIEW,

					   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |

					   KEY_USR_VIEW | KEY_USR_READ),

					   KEY_ALLOC_NOT_IN_QUOTA |

					   KEY_ALLOC_TRUSTED);

		if (IS_ERR(key)) {