luck/tmp_suning_uos_patched
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b206f281d0
tmp_suning_uos_patched/security/keys
History
David Howells b206f281d0 keys: Namespace keyring names 
Keyring names are held in a single global list that any process can pick
from by means of keyctl_join_session_keyring (provided the keyring grants
Search permission).  This isn't very container friendly, however.

Make the following changes:

 (1) Make default session, process and thread keyring names begin with a
     '.' instead of '_'.

 (2) Keyrings whose names begin with a '.' aren't added to the list.  Such
     keyrings are system specials.

 (3) Replace the global list with per-user_namespace lists.  A keyring adds
     its name to the list for the user_namespace that it is currently in.

 (4) When a user_namespace is deleted, it just removes itself from the
     keyring name list.

The global keyring_name_lock is retained for accessing the name lists.
This allows (4) to work.

This can be tested by:

	# keyctl newring foo @s
	995906392
	# unshare -U
	$ keyctl show
	...
	 995906392 --alswrv  65534 65534   \_ keyring: foo
	...
	$ keyctl session foo
	Joined session keyring: 935622349

As can be seen, a new session keyring was created.

The capability bit KEYCTL_CAPS1_NS_KEYRING_NAME is set if the kernel is
employing this feature.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Eric W. Biederman <ebiederm@xmission.com>
2019-06-26 21:02:32 +01:00
..
encrypted-keys crypto: shash - remove shash_desc::flags 2019-04-25 15:38:12 +08:00
big_key.c big key: get rid of stack array allocation 2018-05-11 13:07:45 -07:00
compat_dh.c KEYS: DH: validate __spare field 2017-07-14 11:01:38 +10:00
compat.c keys: Add capability-checking keyctl function 2019-06-19 13:27:45 +01:00
dh.c crypto: shash - remove shash_desc::flags 2019-04-25 15:38:12 +08:00
gc.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
internal.h keys: Add a 'recurse' flag for keyring searches 2019-06-26 21:02:32 +01:00
Kconfig keys: Cache result of request_key*() temporarily in task_struct 2019-06-19 16:10:15 +01:00
key.c keys: Cache the hash value to avoid lots of recalculation 2019-06-26 21:02:32 +01:00
keyctl_pkey.c KEYS: fix parsing invalid pkey info string 2019-01-01 13:13:19 -08:00
keyctl.c keys: Namespace keyring names 2019-06-26 21:02:32 +01:00
keyring.c keys: Namespace keyring names 2019-06-26 21:02:32 +01:00
Makefile KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2] 2018-10-26 09:30:46 +01:00
permission.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
persistent.c keys: Simplify key description management 2019-06-26 21:02:31 +01:00
proc.c keys: Add a 'recurse' flag for keyring searches 2019-06-26 21:02:32 +01:00
process_keys.c keys: Add a 'recurse' flag for keyring searches 2019-06-26 21:02:32 +01:00
request_key_auth.c keys: Add a 'recurse' flag for keyring searches 2019-06-26 21:02:32 +01:00
request_key.c keys: Add a 'recurse' flag for keyring searches 2019-06-26 21:02:32 +01:00
sysctl.c security: Convert use of typedef ctl_table to struct ctl_table 2014-04-15 13:39:58 +10:00
trusted.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-05-06 20:15:06 -07:00
user_defined.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00