keys: Move the user and user-session keyrings to the user_namespace - linux

diff options

author	David Howells <dhowells@redhat.com>	2019-06-26 22:02:32 +0200
committer	David Howells <dhowells@redhat.com>	2019-06-26 22:02:32 +0200
commit	0f44e4d976f96c6439da0d6717238efa4b91196e (patch)
tree	3cec4bc4ef3faa4e61058e3aff066a7bec1c9d37 /Documentation/SAK.txt
parent	keys: Namespace keyring names (diff)
download	linux-0f44e4d976f96c6439da0d6717238efa4b91196e.tar.xz linux-0f44e4d976f96c6439da0d6717238efa4b91196e.zip

keys: Move the user and user-session keyrings to the user_namespace

Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment. The issue is that a single user_struct may be represent UIDs in several different namespaces. The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com>

Diffstat (limited to 'Documentation/SAK.txt')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: