diff options
author | Serge E. Hallyn <serue@us.ibm.com> | 2009-02-27 01:27:38 +0100 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-02-27 02:35:06 +0100 |
commit | 1d1e97562e5e2ac60fb7b25437ba619f95f67fab (patch) | |
tree | 68a9c52ecbff0782dd9b9438685afc3b40b6f707 /security/keys/process_keys.c | |
parent | integrity: ima iint radix_tree_lookup locking fix (diff) | |
download | linux-1d1e97562e5e2ac60fb7b25437ba619f95f67fab.tar.xz linux-1d1e97562e5e2ac60fb7b25437ba619f95f67fab.zip |
keys: distinguish per-uid keys in different namespaces
per-uid keys were looked by uid only. Use the user namespace
to distinguish the same uid in different namespaces.
This does not address key_permission. So a task can for instance
try to join a keyring owned by the same uid in another namespace.
That will be handled by a separate patch.
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys/process_keys.c')
-rw-r--r-- | security/keys/process_keys.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 2f5d89e92b85..276d27882ce8 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -17,6 +17,7 @@ #include <linux/fs.h> #include <linux/err.h> #include <linux/mutex.h> +#include <linux/user_namespace.h> #include <asm/uaccess.h> #include "internal.h" @@ -34,6 +35,7 @@ struct key_user root_key_user = { .nkeys = ATOMIC_INIT(2), .nikeys = ATOMIC_INIT(2), .uid = 0, + .user_ns = &init_user_ns, }; /*****************************************************************************/ |