[Fedora 01/19] system_keyring: Make keyring searchable for root

Vivek Goyal vgoyal at redhat.com
Wed Sep 4 21:24:33 UTC 2013

I am planning to extend keyctl() to be able to verify signature of a user
buffer. One should be able to pass in the keyring id which needs to be
searched for potential keys against which signature can be verified.

Said keyring should be searchable by the caller. Make system_keyring
searcable for root so that root applications can use this keyring
for signature verification of user buffers.

Signed-off-by: Vivek Goyal <vgoyal at redhat.com>
 kernel/system_keyring.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index b19cc6e..764ef63 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c
@@ -38,7 +38,7 @@ static __init int system_trusted_keyring_init(void)
 			      KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
 			      ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
-			       KEY_USR_VIEW | KEY_USR_READ),
 	if (IS_ERR(system_trusted_keyring))
 		panic("Can't allocate system trusted keyring\n");

More information about the kernel mailing list