diff options
author | Michael LeMay <mdlemay@epoch.ncsc.mil> | 2006-06-22 23:47:17 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-23 00:05:55 +0200 |
commit | d720024e94de4e8b7f10ee83c532926f3ad5d708 (patch) | |
tree | 8f21613c29a26bfbeb334cb0104b8b998b09fbdc /security/keys/request_key_auth.c | |
parent | [PATCH] NTFS: Critical bug fix (affects MIPS and possibly others) (diff) | |
download | linux-d720024e94de4e8b7f10ee83c532926f3ad5d708.tar.xz linux-d720024e94de4e8b7f10ee83c532926f3ad5d708.zip |
[PATCH] selinux: add hooks for key subsystem
Introduce SELinux hooks to support the access key retention subsystem
within the kernel. Incorporate new flask headers from a modified version
of the SELinux reference policy, with support for the new security class
representing retained keys. Extend the "key_alloc" security hook with a
task parameter representing the intended ownership context for the key
being allocated. Attach security information to root's default keyrings
within the SELinux initialization routine.
Has passed David's testsuite.
Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/keys/request_key_auth.c')
-rw-r--r-- | security/keys/request_key_auth.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index cce6ba6b0323..0ecc2e8d2bd0 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c @@ -148,7 +148,7 @@ struct key *request_key_auth_new(struct key *target, const char *callout_info) sprintf(desc, "%x", target->serial); authkey = key_alloc(&key_type_request_key_auth, desc, - current->fsuid, current->fsgid, + current->fsuid, current->fsgid, current, KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | KEY_USR_VIEW, 1); if (IS_ERR(authkey)) { |