From: Stephen Rothwell <sfr@canb.auug.org.au>
To: James Morris <jmorris@namei.org>
Cc: linux-next@vger.kernel.org, linux-kernel@vger.kernel.org,
"Eric W. Biederman" <ebiederm@xmission.com>,
David Howells <dhowells@redhat.com>
Subject: linux-next: manual merge of the security tree with Linus' tree
Date: Wed, 17 Oct 2012 11:41:28 +1100 [thread overview]
Message-ID: <20121017114128.898aac160643d3224ac8a975@canb.auug.org.au> (raw)
[-- Attachment #1: Type: text/plain, Size: 2763 bytes --]
Hi James,
Today's linux-next merge of the security tree got conflicts in
security/keys/keyring.c and security/keys/process_keys.c between commit
9a56c2db49e7 ("userns: Convert security/keys to the new userns
infrastructure") from Linus' tree and commit 96b5c8fea6c0 ("KEYS: Reduce
initial permissions on keys") from the security tree.
I fixed it up (see below) and can carry the fix as necessary (no action
is required).
--
Cheers,
Stephen Rothwell sfr@canb.auug.org.au
diff --cc security/keys/keyring.c
index 6e42df1,9270ba0..0000000
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@@ -256,9 -256,9 +256,9 @@@ error
/*
* Allocate a keyring and link into the destination keyring.
*/
-struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
+struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
- const struct cred *cred, unsigned long flags,
- struct key *dest)
+ const struct cred *cred, key_perm_t perm,
+ unsigned long flags, struct key *dest)
{
struct key *keyring;
int ret;
diff --cc security/keys/process_keys.c
index a58f712,b58d938..0000000
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@@ -45,15 -46,15 +45,17 @@@ int install_user_keyrings(void
struct user_struct *user;
const struct cred *cred;
struct key *uid_keyring, *session_keyring;
+ key_perm_t user_keyring_perm;
char buf[20];
int ret;
+ uid_t uid;
+ user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
cred = current_cred();
user = cred->user;
+ uid = from_kuid(cred->user_ns, user->uid);
- kenter("%p{%u}", user, user->uid);
+ kenter("%p{%u}", user, uid);
if (user->uid_keyring) {
kleave(" = 0 [exist]");
@@@ -72,9 -73,9 +74,9 @@@
uid_keyring = find_keyring_by_name(buf, true);
if (IS_ERR(uid_keyring)) {
- uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1,
+ uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
- cred, KEY_ALLOC_IN_QUOTA,
- NULL);
+ cred, user_keyring_perm,
+ KEY_ALLOC_IN_QUOTA, NULL);
if (IS_ERR(uid_keyring)) {
ret = PTR_ERR(uid_keyring);
goto error;
@@@ -88,8 -89,9 +90,9 @@@
session_keyring = find_keyring_by_name(buf, true);
if (IS_ERR(session_keyring)) {
session_keyring =
- keyring_alloc(buf, user->uid, (gid_t) -1,
+ keyring_alloc(buf, user->uid, INVALID_GID,
- cred, KEY_ALLOC_IN_QUOTA, NULL);
+ cred, user_keyring_perm,
+ KEY_ALLOC_IN_QUOTA, NULL);
if (IS_ERR(session_keyring)) {
ret = PTR_ERR(session_keyring);
goto error_release;
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
next reply other threads:[~2012-10-17 0:41 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-17 0:41 Stephen Rothwell [this message]
2012-10-17 0:41 linux-next: manual merge of the security tree with Linus' tree Stephen Rothwell
2012-10-17 0:41 Stephen Rothwell
2012-10-17 0:52 ` Stephen Rothwell
2013-01-21 2:12 Stephen Rothwell
2013-01-21 3:10 ` Mimi Zohar
2013-01-21 4:30 ` Stephen Rothwell
2013-02-04 3:06 Stephen Rothwell
2015-08-04 1:14 Stephen Rothwell
2019-08-12 4:48 Stephen Rothwell
2019-08-21 3:01 Stephen Rothwell
2019-08-21 3:18 ` Stephen Rothwell
2019-08-21 3:05 Stephen Rothwell
2019-08-21 3:09 Stephen Rothwell
2022-09-01 2:27 Stephen Rothwell
2022-09-01 13:56 ` Paul Moore
2022-11-21 3:20 Stephen Rothwell
2022-11-21 18:47 ` Paul Moore
2022-11-21 21:55 ` Stephen Rothwell
2022-11-21 23:09 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121017114128.898aac160643d3224ac8a975@canb.auug.org.au \
--to=sfr@canb.auug.org.au \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).