* Merge resolution for fscrypt and keyrings trees
@ 2019-08-14 22:28 Eric Biggers
2019-08-15 13:37 ` David Howells
0 siblings, 1 reply; 3+ messages in thread
From: Eric Biggers @ 2019-08-14 22:28 UTC (permalink / raw)
To: Stephen Rothwell; +Cc: linux-fscrypt, linux-next, keyrings
Hi Stephen, the fscrypt patches I've just pushed out conflict with the keys ACLs
patch in keys-next. To resolve the conflict for tomorrow's linux-next:
1. Discard change to deleted file keyinfo.c
2. In keyinfo_v1.c, add NULL argument to request_key() [this was change (1)]
3. In keyring.c, translate key permissions to ACLs
'git diff fscrypt/master -- fs/crypto/' on the merge commit should show:
diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c
index c34fa7c61b43b0..8a7519b120153b 100644
--- a/fs/crypto/keyring.c
+++ b/fs/crypto/keyring.c
@@ -127,6 +127,38 @@ static struct key_type key_type_fscrypt_user = {
.describe = fscrypt_user_key_describe,
};
+static struct key_acl fscrypt_keyring_acl = {
+ .usage = REFCOUNT_INIT(1),
+ .nr_ace = 2,
+ .aces = {
+ KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
+ KEY_ACE_JOIN),
+ KEY_OWNER_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL | KEY_ACE_JOIN |
+ KEY_ACE_READ | KEY_ACE_VIEW),
+ }
+};
+
+static struct key_acl fscrypt_key_acl = {
+ .usage = REFCOUNT_INIT(1),
+ .nr_ace = 2,
+ .aces = {
+ KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
+ KEY_ACE_JOIN),
+ KEY_OWNER_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL | KEY_ACE_JOIN |
+ KEY_ACE_VIEW),
+ }
+};
+
+static struct key_acl fscrypt_user_key_acl = {
+ .usage = REFCOUNT_INIT(1),
+ .nr_ace = 2,
+ .aces = {
+ KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
+ KEY_ACE_JOIN),
+ KEY_OWNER_ACE(KEY_ACE_VIEW),
+ }
+};
+
/* Search ->s_master_keys or ->mk_users */
static struct key *search_fscrypt_keyring(struct key *keyring,
struct key_type *type,
@@ -203,8 +235,7 @@ static int allocate_filesystem_keyring(struct super_block *sb)
format_fs_keyring_description(description, sb);
keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
- current_cred(), KEY_POS_SEARCH |
- KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW,
+ current_cred(), &fscrypt_keyring_acl,
KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
if (IS_ERR(keyring))
return PTR_ERR(keyring);
@@ -247,8 +278,7 @@ static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk)
format_mk_users_keyring_description(description,
mk->mk_spec.u.identifier);
keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
- current_cred(), KEY_POS_SEARCH |
- KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW,
+ current_cred(), &fscrypt_keyring_acl,
KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
if (IS_ERR(keyring))
return PTR_ERR(keyring);
@@ -285,7 +315,7 @@ static int add_master_key_user(struct fscrypt_master_key *mk)
format_mk_user_description(description, mk->mk_spec.u.identifier);
mk_user = key_alloc(&key_type_fscrypt_user, description,
current_fsuid(), current_gid(), current_cred(),
- KEY_POS_SEARCH | KEY_USR_VIEW, 0, NULL);
+ &fscrypt_user_key_acl, 0, NULL);
if (IS_ERR(mk_user))
return PTR_ERR(mk_user);
@@ -357,8 +387,7 @@ static int add_new_master_key(struct fscrypt_master_key_secret *secret,
format_mk_description(description, mk_spec);
key = key_alloc(&key_type_fscrypt, description,
GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
- KEY_POS_SEARCH | KEY_USR_SEARCH | KEY_USR_VIEW,
- KEY_ALLOC_NOT_IN_QUOTA, NULL);
+ &fscrypt_key_acl, KEY_ALLOC_NOT_IN_QUOTA, NULL);
if (IS_ERR(key)) {
err = PTR_ERR(key);
goto out_free_mk;
diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c
index ad1a36c370c3fb..0727251be865b7 100644
--- a/fs/crypto/keysetup_v1.c
+++ b/fs/crypto/keysetup_v1.c
@@ -104,7 +104,7 @@ find_and_lock_process_key(const char *prefix,
if (!description)
return ERR_PTR(-ENOMEM);
- key = request_key(&key_type_logon, description, NULL);
+ key = request_key(&key_type_logon, description, NULL, NULL);
kfree(description);
if (IS_ERR(key))
return key;
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: Merge resolution for fscrypt and keyrings trees
2019-08-14 22:28 Merge resolution for fscrypt and keyrings trees Eric Biggers
@ 2019-08-15 13:37 ` David Howells
2019-08-15 16:24 ` Eric Biggers
0 siblings, 1 reply; 3+ messages in thread
From: David Howells @ 2019-08-15 13:37 UTC (permalink / raw)
To: Eric Biggers
Cc: dhowells, Stephen Rothwell, linux-fscrypt, linux-next, keyrings
Eric Biggers <ebiggers@kernel.org> wrote:
> +static struct key_acl fscrypt_keyring_acl = {
> + .usage = REFCOUNT_INIT(1),
> + .nr_ace = 2,
> + .aces = {
> + KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
> + KEY_ACE_JOIN),
> + KEY_OWNER_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL | KEY_ACE_JOIN |
> + KEY_ACE_READ | KEY_ACE_VIEW),
> + }
> +};
Does you really want JOIN permission for these keyrings? Are you permitting
them to be used with KEYCTL_JOIN_SESSION_KEYRING? Do you also want INVAL for
the keyring rather than just the keys it contains? Would CLEAR be more
appropriate?
> +static struct key_acl fscrypt_key_acl = {
> + .usage = REFCOUNT_INIT(1),
> + .nr_ace = 2,
> + .aces = {
> + KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
> + KEY_ACE_JOIN),
> + KEY_OWNER_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL | KEY_ACE_JOIN |
> + KEY_ACE_VIEW),
> + }
> +};
JOIN permission is useless here. This is only used for keys of type
key_type_fscrypt that I can see - and those aren't keyrings and so aren't
joinable.
> +static struct key_acl fscrypt_user_key_acl = {
Ditto.
David
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Merge resolution for fscrypt and keyrings trees
2019-08-15 13:37 ` David Howells
@ 2019-08-15 16:24 ` Eric Biggers
0 siblings, 0 replies; 3+ messages in thread
From: Eric Biggers @ 2019-08-15 16:24 UTC (permalink / raw)
To: David Howells; +Cc: Stephen Rothwell, linux-fscrypt, linux-next, keyrings
Hi David,
On Thu, Aug 15, 2019 at 02:37:20PM +0100, David Howells wrote:
> Eric Biggers <ebiggers@kernel.org> wrote:
>
> > +static struct key_acl fscrypt_keyring_acl = {
> > + .usage = REFCOUNT_INIT(1),
> > + .nr_ace = 2,
> > + .aces = {
> > + KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
> > + KEY_ACE_JOIN),
> > + KEY_OWNER_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL | KEY_ACE_JOIN |
> > + KEY_ACE_READ | KEY_ACE_VIEW),
> > + }
> > +};
>
> Does you really want JOIN permission for these keyrings? Are you permitting
> them to be used with KEYCTL_JOIN_SESSION_KEYRING? Do you also want INVAL for
> the keyring rather than just the keys it contains? Would CLEAR be more
> appropriate?
I don't actually want any of JOIN, INVAL, or CLEAR on any of these keys or
keyrings. But it's not really appropriate to make semantic changes in a merge
resolution; remember that pre-merge, SEARCH implied INVAL and JOIN. Instead
I'll remove the unneeded permissions in a separate patch later.
>
> > +static struct key_acl fscrypt_key_acl = {
> > + .usage = REFCOUNT_INIT(1),
> > + .nr_ace = 2,
> > + .aces = {
> > + KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
> > + KEY_ACE_JOIN),
> > + KEY_OWNER_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL | KEY_ACE_JOIN |
> > + KEY_ACE_VIEW),
> > + }
> > +};
>
> JOIN permission is useless here. This is only used for keys of type
> key_type_fscrypt that I can see - and those aren't keyrings and so aren't
> joinable.
>
Okay, let's remove JOIN from the non-keyrings now then. So now it's:
diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c
index c34fa7c61b43b0..fb4f6a44ffcd09 100644
--- a/fs/crypto/keyring.c
+++ b/fs/crypto/keyring.c
@@ -127,6 +127,35 @@ static struct key_type key_type_fscrypt_user = {
.describe = fscrypt_user_key_describe,
};
+static struct key_acl fscrypt_keyring_acl = {
+ .usage = REFCOUNT_INIT(1),
+ .nr_ace = 2,
+ .aces = {
+ KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
+ KEY_ACE_JOIN),
+ KEY_OWNER_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL | KEY_ACE_JOIN |
+ KEY_ACE_READ | KEY_ACE_VIEW),
+ }
+};
+
+static struct key_acl fscrypt_key_acl = {
+ .usage = REFCOUNT_INIT(1),
+ .nr_ace = 2,
+ .aces = {
+ KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL),
+ KEY_OWNER_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL | KEY_ACE_VIEW),
+ }
+};
+
+static struct key_acl fscrypt_user_key_acl = {
+ .usage = REFCOUNT_INIT(1),
+ .nr_ace = 2,
+ .aces = {
+ KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL),
+ KEY_OWNER_ACE(KEY_ACE_VIEW),
+ }
+};
+
/* Search ->s_master_keys or ->mk_users */
static struct key *search_fscrypt_keyring(struct key *keyring,
struct key_type *type,
@@ -203,8 +232,7 @@ static int allocate_filesystem_keyring(struct super_block *sb)
format_fs_keyring_description(description, sb);
keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
- current_cred(), KEY_POS_SEARCH |
- KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW,
+ current_cred(), &fscrypt_keyring_acl,
KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
if (IS_ERR(keyring))
return PTR_ERR(keyring);
@@ -247,8 +275,7 @@ static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk)
format_mk_users_keyring_description(description,
mk->mk_spec.u.identifier);
keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
- current_cred(), KEY_POS_SEARCH |
- KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW,
+ current_cred(), &fscrypt_keyring_acl,
KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
if (IS_ERR(keyring))
return PTR_ERR(keyring);
@@ -285,7 +312,7 @@ static int add_master_key_user(struct fscrypt_master_key *mk)
format_mk_user_description(description, mk->mk_spec.u.identifier);
mk_user = key_alloc(&key_type_fscrypt_user, description,
current_fsuid(), current_gid(), current_cred(),
- KEY_POS_SEARCH | KEY_USR_VIEW, 0, NULL);
+ &fscrypt_user_key_acl, 0, NULL);
if (IS_ERR(mk_user))
return PTR_ERR(mk_user);
@@ -357,8 +384,7 @@ static int add_new_master_key(struct fscrypt_master_key_secret *secret,
format_mk_description(description, mk_spec);
key = key_alloc(&key_type_fscrypt, description,
GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
- KEY_POS_SEARCH | KEY_USR_SEARCH | KEY_USR_VIEW,
- KEY_ALLOC_NOT_IN_QUOTA, NULL);
+ &fscrypt_key_acl, KEY_ALLOC_NOT_IN_QUOTA, NULL);
if (IS_ERR(key)) {
err = PTR_ERR(key);
goto out_free_mk;
diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c
index ad1a36c370c3fb..0727251be865b7 100644
--- a/fs/crypto/keysetup_v1.c
+++ b/fs/crypto/keysetup_v1.c
@@ -104,7 +104,7 @@ find_and_lock_process_key(const char *prefix,
if (!description)
return ERR_PTR(-ENOMEM);
- key = request_key(&key_type_logon, description, NULL);
+ key = request_key(&key_type_logon, description, NULL, NULL);
kfree(description);
if (IS_ERR(key))
return key;
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-08-15 16:24 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-14 22:28 Merge resolution for fscrypt and keyrings trees Eric Biggers
2019-08-15 13:37 ` David Howells
2019-08-15 16:24 ` Eric Biggers
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).