summaryrefslogtreecommitdiffstats
path: root/security/keys/key.c
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2015-11-10 14:34:46 +0100
committerMimi Zohar <zohar@linux.vnet.ibm.com>2015-12-15 16:01:43 +0100
commitd3600bcf9d64d88dc1d189a754dcfab960ce751f (patch)
tree0db5cee0ddb99cfe1cbd7f8314653f36ddf5005f /security/keys/key.c
parentIMA: allow reading back the current IMA policy (diff)
downloadlinux-d3600bcf9d64d88dc1d189a754dcfab960ce751f.tar.xz
linux-d3600bcf9d64d88dc1d189a754dcfab960ce751f.zip
KEYS: prevent keys from being removed from specified keyrings
Userspace should not be allowed to remove keys from certain keyrings (eg. blacklist), though the keys themselves can expire. This patch defines a new key flag named KEY_FLAG_KEEP to prevent userspace from being able to unlink, revoke, invalidate or timed out a key on a keyring. When this flag is set on the keyring, all keys subsequently added are flagged. In addition, when this flag is set, the keyring itself can not be cleared. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security/keys/key.c')
-rw-r--r--security/keys/key.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index ab7997ded725..09ef276c4bdc 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -429,8 +429,12 @@ static int __key_instantiate_and_link(struct key *key,
awaken = 1;
/* and link it into the destination keyring */
- if (keyring)
+ if (keyring) {
+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
+ set_bit(KEY_FLAG_KEEP, &key->flags);
+
__key_link(key, _edit);
+ }
/* disable the authorisation key */
if (authkey)