summaryrefslogtreecommitdiffstats
path: root/security/keys/proc.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-04-29 10:01:31 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2008-04-29 17:06:17 +0200
commit69664cf16af4f31cd54d77948a4baf9c7e0ca7b9 (patch)
tree3ff4ecae21c140a2beed25cfa9e55b788f9814ac /security/keys/proc.c
parentkeys: allow clients to set key perms in key_create_or_update() (diff)
downloadlinux-69664cf16af4f31cd54d77948a4baf9c7e0ca7b9.tar.xz
linux-69664cf16af4f31cd54d77948a4baf9c7e0ca7b9.zip
keys: don't generate user and user session keyrings unless they're accessed
Don't generate the per-UID user and user session keyrings unless they're explicitly accessed. This solves a problem during a login process whereby set*uid() is called before the SELinux PAM module, resulting in the per-UID keyrings having the wrong security labels. This also cures the problem of multiple per-UID keyrings sometimes appearing due to PAM modules (including pam_keyinit) setuiding and causing user_structs to come into and go out of existence whilst the session keyring pins the user keyring. This is achieved by first searching for extant per-UID keyrings before inventing new ones. The serial bound argument is also dropped from find_keyring_by_name() as it's not currently made use of (setting it to 0 disables the feature). Signed-off-by: David Howells <dhowells@redhat.com> Cc: <kwc@citi.umich.edu> Cc: <arunsr@cse.iitk.ac.in> Cc: <dwalsh@redhat.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <jmorris@namei.org> Cc: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/keys/proc.c')
0 files changed, 0 insertions, 0 deletions