diff options
Diffstat (limited to 'security/keys/persistent.c')
| -rw-r--r-- | security/keys/persistent.c | 27 |
1 files changed, 4 insertions, 23 deletions
diff --git a/security/keys/persistent.c b/security/keys/persistent.c index 8171c90d4c9a..97af230aa4b2 100644 --- a/security/keys/persistent.c +++ b/security/keys/persistent.c | |||
| @@ -12,27 +12,6 @@ | |||
| 12 | 12 | ||
| 13 | unsigned persistent_keyring_expiry = 3 * 24 * 3600; /* Expire after 3 days of non-use */ | 13 | unsigned persistent_keyring_expiry = 3 * 24 * 3600; /* Expire after 3 days of non-use */ |
| 14 | 14 | ||
| 15 | static struct key_acl persistent_register_keyring_acl = { | ||
| 16 | .usage = REFCOUNT_INIT(1), | ||
| 17 | .nr_ace = 2, | ||
| 18 | .aces = { | ||
| 19 | KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_WRITE), | ||
| 20 | KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ), | ||
| 21 | } | ||
| 22 | }; | ||
| 23 | |||
| 24 | static struct key_acl persistent_keyring_acl = { | ||
| 25 | .usage = REFCOUNT_INIT(1), | ||
| 26 | .nr_ace = 2, | ||
| 27 | .possessor_viewable = true, | ||
| 28 | .aces = { | ||
| 29 | KEY_POSSESSOR_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_WRITE | | ||
| 30 | KEY_ACE_SEARCH | KEY_ACE_LINK | | ||
| 31 | KEY_ACE_CLEAR | KEY_ACE_INVAL), | ||
| 32 | KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ), | ||
| 33 | } | ||
| 34 | }; | ||
| 35 | |||
| 36 | /* | 15 | /* |
| 37 | * Create the persistent keyring register for the current user namespace. | 16 | * Create the persistent keyring register for the current user namespace. |
| 38 | * | 17 | * |
| @@ -43,7 +22,8 @@ static int key_create_persistent_register(struct user_namespace *ns) | |||
| 43 | struct key *reg = keyring_alloc(".persistent_register", | 22 | struct key *reg = keyring_alloc(".persistent_register", |
| 44 | KUIDT_INIT(0), KGIDT_INIT(0), | 23 | KUIDT_INIT(0), KGIDT_INIT(0), |
| 45 | current_cred(), | 24 | current_cred(), |
| 46 | &persistent_register_keyring_acl, | 25 | ((KEY_POS_ALL & ~KEY_POS_SETATTR) | |
| 26 | KEY_USR_VIEW | KEY_USR_READ), | ||
| 47 | KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); | 27 | KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); |
| 48 | if (IS_ERR(reg)) | 28 | if (IS_ERR(reg)) |
| 49 | return PTR_ERR(reg); | 29 | return PTR_ERR(reg); |
| @@ -76,7 +56,8 @@ static key_ref_t key_create_persistent(struct user_namespace *ns, kuid_t uid, | |||
| 76 | 56 | ||
| 77 | persistent = keyring_alloc(index_key->description, | 57 | persistent = keyring_alloc(index_key->description, |
| 78 | uid, INVALID_GID, current_cred(), | 58 | uid, INVALID_GID, current_cred(), |
| 79 | &persistent_keyring_acl, | 59 | ((KEY_POS_ALL & ~KEY_POS_SETATTR) | |
| 60 | KEY_USR_VIEW | KEY_USR_READ), | ||
| 80 | KEY_ALLOC_NOT_IN_QUOTA, NULL, | 61 | KEY_ALLOC_NOT_IN_QUOTA, NULL, |
| 81 | ns->persistent_keyring_register); | 62 | ns->persistent_keyring_register); |
| 82 | if (IS_ERR(persistent)) | 63 | if (IS_ERR(persistent)) |