KEYS: initialize root uid and session keyrings early
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Wed, 4 Sep 2013 12:26:22 +0000 (13:26 +0100)
committerDavid Howells <dhowells@redhat.com>
Wed, 25 Sep 2013 16:17:01 +0000 (17:17 +0100)
In order to create the integrity keyrings (eg. _evm, _ima), root's
uid and session keyrings need to be initialized early.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
security/keys/process_keys.c

index 68548ea6fe019a40e771303b463a8566f6acdf65..0cf8a130a267ca58fbc5599787c93b9913cfc576 100644 (file)
@@ -857,3 +857,13 @@ void key_change_session_keyring(struct callback_head *twork)
 
        commit_creds(new);
 }
+
+/*
+ * Make sure that root's user and user-session keyrings exist.
+ */
+static int __init init_root_keyring(void)
+{
+       return install_user_keyrings();
+}
+
+late_initcall(init_root_keyring);