diff options
author | David Howells <dhowells@redhat.com> | 2009-09-02 10:13:50 +0200 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-09-02 13:29:06 +0200 |
commit | 0c2c9a3fc77e8b60d43d9bd2ca46eb4dddb0ff76 (patch) | |
tree | e718aa64ab3b5d4fd73f7a837ee9ea0debfcc773 /security/keys | |
parent | KEYS: Deal with dead-type keys appropriately [try #6] (diff) | |
download | linux-0c2c9a3fc77e8b60d43d9bd2ca46eb4dddb0ff76.tar.xz linux-0c2c9a3fc77e8b60d43d9bd2ca46eb4dddb0ff76.zip |
KEYS: Allow keyctl_revoke() on keys that have SETATTR but not WRITE perm [try #6]
Allow keyctl_revoke() to operate on keys that have SETATTR but not WRITE
permission, rather than only on keys that have WRITE permission.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys')
-rw-r--r-- | security/keys/keyctl.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index b85ace218395..1160b644dace 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -343,7 +343,13 @@ long keyctl_revoke_key(key_serial_t id) key_ref = lookup_user_key(id, 0, KEY_WRITE); if (IS_ERR(key_ref)) { ret = PTR_ERR(key_ref); - goto error; + if (ret != -EACCES) + goto error; + key_ref = lookup_user_key(id, 0, KEY_SETATTR); + if (IS_ERR(key_ref)) { + ret = PTR_ERR(key_ref); + goto error; + } } key_revoke(key_ref_to_ptr(key_ref)); |