diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.603313 ./mozilla/security/nss/lib/sysinit/nsssysinit.c
--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.603313	2010-10-15 13:57:42.719738316 -0700
+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c	2010-10-15 14:07:51.704637349 -0700
@@ -263,16 +263,26 @@ get_list(char *filename, char *stripped_
     sysdb = getSystemDB();
     userdb = getUserDB();
 
-    /* Don't open root's user DB */
+    /* return a list of databases to open. First the system database */
+    if (sysdb) {
+        const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
+	module_list[next++] = PR_smprintf(
+	    "library= "
+	    "module=\"NSS system database\" "
+	    "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+	    "NSS=\"trustOrder=80 %sflags=internal,critical\"",
+            sysdb, readonly, nssflags);
+    }
+
+    /* Next the user database, but not for root. */
     if (userdb != NULL && !userIsRoot()) {
-	/* return a list of databases to open. First the user Database */
 	module_list[next++] = PR_smprintf(
 	    "library= "
 	    "module=\"NSS User database\" "
 	    "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
-        "NSS=\"trustOrder=75 %sflags=internal%s\"",
-        userdb, stripped_parameters, nssflags,
-        isFIPS ? ",FIPS" : "");
+            "NSS=\"trustOrder=75 %sflags=internal%s\"",
+            userdb, stripped_parameters, nssflags,
+            isFIPS ? ",FIPS" : "");
 
 	/* now open the user's defined PKCS #11 modules */
 	/* skip the local user DB entry */
@@ -281,41 +291,7 @@ get_list(char *filename, char *stripped_
 	    "module=\"NSS User database\" "
 	    "parameters=\"configdir='sql:%s' %s\" "
 	    "NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"", 
-		userdb, stripped_parameters);
-	}
-
-#if 0
-	/* This doesn't actually work. If we register
-		both this and the sysdb (in either order)
-		then only one of them actually shows up */
-
-    /* Using a NULL filename as a Boolean flag to
-     * prevent registering both an application-defined
-     * db and the system db. rhbz #546211.
-     */
-    PORT_Assert(filename);
-    if (sysdb && PL_CompareStrings(filename, sysdb))
-	    filename = NULL;
-    else if (userdb && PL_CompareStrings(filename, userdb))
-	    filename = NULL;
-
-    if (filename && !userIsRoot()) {
-	    module_list[next++] = PR_smprintf(
-	      "library= "
-	      "module=\"NSS database\" "
-	      "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
-	      "NSS=\"%sflags=internal\"",filename, filename, nssflags);
-    }
-#endif
-
-    /* now the system database (always read only unless it's root) */
-    if (sysdb) {
-	    const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
-	    module_list[next++] = PR_smprintf(
-	      "library= "
-	      "module=\"NSS system database\" "
-	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
-	      "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
+            userdb, stripped_parameters);
     }
 
     /* that was the last module */