summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2019-06-26 22:02:33 +0200
committerDavid Howells <dhowells@redhat.com>2019-06-26 22:02:33 +0200
commit9b242610514fe387ef957bce05e1fdd3efd60359 (patch)
tree57917a3649c3a4b0bd66a54fbab24c4ca644ab56 /security
parentkeys: Garbage collect keys for which the domain has been removed (diff)
downloadlinux-9b242610514fe387ef957bce05e1fdd3efd60359.tar.xz
linux-9b242610514fe387ef957bce05e1fdd3efd60359.zip
keys: Network namespace domain tag
Create key domain tags for network namespaces and make it possible to automatically tag keys that are used by networked services (e.g. AF_RXRPC, AFS, DNS) with the default network namespace if not set by the caller. This allows keys with the same description but in different namespaces to coexist within a keyring. Signed-off-by: David Howells <dhowells@redhat.com> cc: netdev@vger.kernel.org cc: linux-nfs@vger.kernel.org cc: linux-cifs@vger.kernel.org cc: linux-afs@lists.infradead.org
Diffstat (limited to 'security')
-rw-r--r--security/keys/keyring.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index d3c86fda1510..bca070f6ab46 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -17,10 +17,12 @@
#include <linux/seq_file.h>
#include <linux/err.h>
#include <linux/user_namespace.h>
+#include <linux/nsproxy.h>
#include <keys/keyring-type.h>
#include <keys/user-type.h>
#include <linux/assoc_array_priv.h>
#include <linux/uaccess.h>
+#include <net/net_namespace.h>
#include "internal.h"
/*
@@ -220,7 +222,10 @@ void key_set_index_key(struct keyring_index_key *index_key)
memcpy(index_key->desc, index_key->description, n);
- index_key->domain_tag = &default_domain_tag;
+ if (index_key->type->flags & KEY_TYPE_NET_DOMAIN)
+ index_key->domain_tag = current->nsproxy->net_ns->key_domain;
+ else
+ index_key->domain_tag = &default_domain_tag;
hash_key_type_and_desc(index_key);
}