kernel-aes67/security
David Howells 69664cf16a keys: don't generate user and user session keyrings unless they're accessed
Don't generate the per-UID user and user session keyrings unless they're
explicitly accessed.  This solves a problem during a login process whereby
set*uid() is called before the SELinux PAM module, resulting in the per-UID
keyrings having the wrong security labels.

This also cures the problem of multiple per-UID keyrings sometimes appearing
due to PAM modules (including pam_keyinit) setuiding and causing user_structs
to come into and go out of existence whilst the session keyring pins the user
keyring.  This is achieved by first searching for extant per-UID keyrings
before inventing new ones.

The serial bound argument is also dropped from find_keyring_by_name() as it's
not currently made use of (setting it to 0 disables the feature).

Signed-off-by: David Howells <dhowells@redhat.com>
Cc: <kwc@citi.umich.edu>
Cc: <arunsr@cse.iitk.ac.in>
Cc: <dwalsh@redhat.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-29 08:06:17 -07:00
..
keys keys: don't generate user and user session keyrings unless they're accessed 2008-04-29 08:06:17 -07:00
selinux keys: don't generate user and user session keyrings unless they're accessed 2008-04-29 08:06:17 -07:00
smack xattr: add missing consts to function arguments 2008-04-29 08:06:06 -07:00
capability.c capabilities: implement per-process securebits 2008-04-28 08:58:26 -07:00
commoncap.c xattr: add missing consts to function arguments 2008-04-29 08:06:06 -07:00
device_cgroup.c cgroups: introduce cft->read_seq() 2008-04-29 08:06:10 -07:00
dummy.c keys: add keyctl function to get a security label 2008-04-29 08:06:16 -07:00
inode.c Kobject: convert remaining kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
Kconfig security: enhance DEFAULT_MMAP_MIN_ADDR description 2008-04-18 20:26:18 +10:00
Makefile cgroups: implement device whitelist 2008-04-29 08:06:09 -07:00
root_plug.c root_plug: use cap_task_prctl 2008-04-28 08:58:27 -07:00
security.c keys: add keyctl function to get a security label 2008-04-29 08:06:16 -07:00