I am planning to extend keyctl() to be able to verify signature of a user
buffer. One should be able to pass in the keyring id which needs to be
searched for potential keys against which signature can be verified.
Said keyring should be searchable by the caller. Make system_keyring
searcable for root so that root applications can use this keyring
for signature verification of user buffers.
Signed-off-by: Vivek Goyal <vgoyal@xxxxxxxxxx>
---
kernel/system_keyring.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index b19cc6e..764ef63 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c
@@ -38,7 +38,7 @@ static __init int system_trusted_keyring_init(void)
keyring_alloc(".system_keyring",
KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
- KEY_USR_VIEW | KEY_USR_READ),
+ KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
KEY_ALLOC_NOT_IN_QUOTA, NULL);
if (IS_ERR(system_trusted_keyring))
panic("Can't allocate system trusted keyring\n");
--
1.8.3.1
_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel
