summaryrefslogtreecommitdiffstats
path: root/security/keys
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2013-09-04 14:26:22 +0200
committerDavid Howells <dhowells@redhat.com>2013-09-25 18:17:01 +0200
commitc124bde28bce41f9e46e32d03d134a81e116d38c (patch)
treed507bc7cf4719cff70c4623f39cbb06b0b89d01a /security/keys
parentKEYS: verify a certificate is signed by a 'trusted' key (diff)
downloadlinux-c124bde28bce41f9e46e32d03d134a81e116d38c.tar.xz
linux-c124bde28bce41f9e46e32d03d134a81e116d38c.zip
KEYS: initialize root uid and session keyrings early
In order to create the integrity keyrings (eg. _evm, _ima), root's uid and session keyrings need to be initialized early. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security/keys')
-rw-r--r--security/keys/process_keys.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 68548ea6fe01..0cf8a130a267 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -857,3 +857,13 @@ void key_change_session_keyring(struct callback_head *twork)
commit_creds(new);
}
+
+/*
+ * Make sure that root's user and user-session keyrings exist.
+ */
+static int __init init_root_keyring(void)
+{
+ return install_user_keyrings();
+}
+
+late_initcall(init_root_keyring);