author | David Howells <dhowells@redhat.com> | 2019-06-26 22:02:33 +0200 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2019-06-26 22:02:33 +0200 |
commit | 9b242610514fe387ef957bce05e1fdd3efd60359 (patch) | |
tree | 57917a3649c3a4b0bd66a54fbab24c4ca644ab56 /security | |
parent | keys: Garbage collect keys for which the domain has been removed (diff) | |
keys: Network namespace domain tag
Create key domain tags for network namespaces and make it possible to
automatically tag keys that are used by networked services (e.g. AF_RXRPC,
AFS, DNS) with the default network namespace if not set by the caller.
This allows keys with the same description but in different namespaces to
coexist within a keyring.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: netdev@vger.kernel.org
cc: linux-nfs@vger.kernel.org
cc: linux-cifs@vger.kernel.org
cc: linux-afs@lists.infradead.org
Diffstat (limited to 'security')
-rw-r--r-- | security/keys/keyring.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index d3c86fda1510..bca070f6ab46 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -17,10 +17,12 @@
 #include <linux/seq_file.h>
 #include <linux/err.h>
 #include <linux/user_namespace.h>
+#include <linux/nsproxy.h>
 #include <keys/keyring-type.h>
 #include <keys/user-type.h>
 #include <linux/assoc_array_priv.h>
 #include <linux/uaccess.h>
+#include <net/net_namespace.h>
 #include "internal.h"
 /*
@@ -220,7 +222,10 @@ void key_set_index_key(struct keyring_index_key *index_key)
 memcpy(index_key->desc, index_key->description, n);
- index_key->domain_tag = &default_domain_tag;
+ if (index_key->type->flags & KEY_TYPE_NET_DOMAIN)
+ index_key->domain_tag = current->nsproxy->net_ns->key_domain;
+ else
+ index_key->domain_tag = &default_domain_tag;
 hash_key_type_and_desc(index_key);
 } |
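Review bot: In the second hunk, key_set_index_key() assigns `index_key->domain_tag` unconditionally, so any tag a caller had already placed there is overwritten, while the description says the network-namespace default applies only "if not set by the caller". If callers are meant to pre-set the tag (and zero the field otherwise), the assignment should sit under a guard such as `if (!index_key->domain_tag)`. The chain `current->nsproxy->net_ns->key_domain` is also dereferenced without a check; it is worth confirming that no path reaches this function from a task whose `nsproxy` has already been dropped on exit, or stating that assumption in a comment. Because the tag decides which same-description keys are kept apart inside a keyring, a short comment noting that it is taken from the calling task's namespace rather than from the socket or mount in use would help later reviewers. The function begins outside the hunk, so the initialisation of `index_key` is not visible here.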