Merge remote-tracking branch 'mvebu/for-next'

[karo-tx-linux.git] / kernel / system_keyring.c

diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index 51c35141a13a01ee42e875e2e19fe96e4f0b44d8..564dd93430a276b0ac7db03a59cbb5648a639c93 100644 (file)
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c
@@ -35,11 +35,12 @@ static __init int system_trusted_keyring_init(void)
                keyring_alloc(".system_keyring",
                              KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
                              ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
-                              KEY_USR_VIEW | KEY_USR_READ),
+                             KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
                              KEY_ALLOC_NOT_IN_QUOTA, NULL);
        if (IS_ERR(system_trusted_keyring))
                panic("Can't allocate system trusted keyring\n");
 
+       set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
        return 0;
 }
 
@@ -80,9 +81,10 @@ static __init int load_system_certificate_list(void)
                                           NULL,
                                           p,
                                           plen,
-                                          (KEY_POS_ALL & ~KEY_POS_SETATTR) |
-                                          KEY_USR_VIEW,
-                                          KEY_ALLOC_NOT_IN_QUOTA);
+                                          ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
+                                          KEY_USR_VIEW | KEY_USR_READ),
+                                          KEY_ALLOC_NOT_IN_QUOTA |
+                                          KEY_ALLOC_TRUSTED);
                if (IS_ERR(key)) {
                        pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
                               PTR_ERR(key));