userns: Convert security/keys to the new userns infrastructure

- Replace key_user ->user_ns equality checks with kuid_has_mapping checks.
- Use from_kuid to generate key descriptions
- Use kuid_t and kgid_t and the associated helpers instead of uid_t and gid_t
- Avoid potential problems with file descriptor passing by displaying
  keys in the user namespace of the opener of key status proc files.

Cc: linux-security-module@vger.kernel.org
Cc: keyrings@linux-nfs.org
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 000e75017520..66e21184b559 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -139,8 +139,8 @@ static int call_sbin_request_key(struct key_construction *cons,
                 goto error_link;
 
         /* record the UID and GID */
-        sprintf(uid_str, "%d", cred->fsuid);
-        sprintf(gid_str, "%d", cred->fsgid);
+        sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
+        sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
 
         /* we say which key is under construction */
         sprintf(key_str, "%d", key->serial);
@@ -442,7 +442,7 @@ static struct key *construct_key_and_link(struct key_type *type,
 
         kenter("");
 
-        user = key_user_lookup(current_fsuid(), current_user_ns());
+        user = key_user_lookup(current_fsuid());
         if (!user)
                 return ERR_PTR(-ENOMEM);