mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-04 04:06:26 +00:00
KEYS: Make the system 'trusted' keyring viewable by userspace
Give the root user the ability to read the system keyring and put read permission on the trusted keys added during boot. The latter is actually more theoretical than real for the moment as asymmetric keys do not currently provide a read operation. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com>
parent
cd0421dcd0
commit
af34cb0c3d
@ -35,7 +35,7 @@ static __init int system_trusted_keyring_init(void)
|
|||||||
keyring_alloc(".system_keyring",
|
keyring_alloc(".system_keyring",
|
||||||
KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
|
KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
|
||||||
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||||
KEY_USR_VIEW | KEY_USR_READ),
|
KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
|
||||||
KEY_ALLOC_NOT_IN_QUOTA, NULL);
|
KEY_ALLOC_NOT_IN_QUOTA, NULL);
|
||||||
if (IS_ERR(system_trusted_keyring))
|
if (IS_ERR(system_trusted_keyring))
|
||||||
panic("Can't allocate system trusted keyring\n");
|
panic("Can't allocate system trusted keyring\n");
|
||||||
@ -81,8 +81,8 @@ static __init int load_system_certificate_list(void)
|
|||||||
NULL,
|
NULL,
|
||||||
p,
|
p,
|
||||||
plen,
|
plen,
|
||||||
(KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
||||||
KEY_USR_VIEW,
|
KEY_USR_VIEW | KEY_USR_READ),
|
||||||
KEY_ALLOC_NOT_IN_QUOTA |
|
KEY_ALLOC_NOT_IN_QUOTA |
|
||||||
KEY_ALLOC_TRUSTED);
|
KEY_ALLOC_TRUSTED);
|
||||||
if (IS_ERR(key)) {
|
if (IS_ERR(key)) {
|
||||||
|
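Review bot: Neither call site documents the access policy its permission mask now encodes. Assuming the second line of each printed pair is the new side, the keyring mask in system_trusted_keyring_init() gains `KEY_USR_SEARCH`, which the commit description does not mention (it speaks only of read), and each boot-time key in load_system_certificate_list() gains `KEY_USR_READ`. I would add a comment above the keyring mask such as `/* owner (uid 0): view, read, search; no USR write/setattr; no group/other bits */`, and one above the key mask such as `/* KEY_USR_READ has no effect until asymmetric keys provide a read operation */`, so that a later read operation is reviewed against this grant rather than inheriting it silently. The same mask expression is now spelled out at two call sites, so a single named macro for the shared part would keep them from drifting apart. Both function bodies start and end outside the hunks shown.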