diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-03-07 14:44:01 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-03-07 14:44:01 -0500 |
| commit | ae5906ceee038ea29ff5162d1bcd18fb50af8b94 (patch) | |
| tree | 841a11c6d3c3afcf7e4d57be370ebcf57aab214a /security/keys/request_key.c | |
| parent | 1fc1cd8399ab5541a488a7e47b2f21537dd76c2d (diff) | |
| parent | 468e91cecb3218afd684b8c422490dfebe0691bb (diff) | |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
- Extend LSM stacking to allow sharing of cred, file, ipc, inode, and
task blobs. This paves the way for more full-featured LSMs to be
merged, and is specifically aimed at LandLock and SARA LSMs. This
work is from Casey and Kees.
- There's a new LSM from Micah Morton: "SafeSetID gates the setid
family of syscalls to restrict UID/GID transitions from a given
UID/GID to only those approved by a system-wide whitelist." This
feature is currently shipping in ChromeOS.
* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (62 commits)
keys: fix missing __user in KEYCTL_PKEY_QUERY
LSM: Update list of SECURITYFS users in Kconfig
LSM: Ignore "security=" when "lsm=" is specified
LSM: Update function documentation for cap_capable
security: mark expected switch fall-throughs and add a missing break
tomoyo: Bump version.
LSM: fix return value check in safesetid_init_securityfs()
LSM: SafeSetID: add selftest
LSM: SafeSetID: remove unused include
LSM: SafeSetID: 'depend' on CONFIG_SECURITY
LSM: Add 'name' field for SafeSetID in DEFINE_LSM
LSM: add SafeSetID module that gates setid calls
LSM: add SafeSetID module that gates setid calls
tomoyo: Allow multiple use_group lines.
tomoyo: Coding style fix.
tomoyo: Swicth from cred->security to task_struct->security.
security: keys: annotate implicit fall throughs
security: keys: annotate implicit fall throughs
security: keys: annotate implicit fall through
capabilities:: annotate implicit fall through
...
Diffstat (limited to 'security/keys/request_key.c')
| -rw-r--r-- | security/keys/request_key.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 7a0c6b666ff0..2f17d84d46f1 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
| @@ -273,16 +273,19 @@ static int construct_get_dest_keyring(struct key **_dest_keyring) | |||
| 273 | } | 273 | } |
| 274 | } | 274 | } |
| 275 | 275 | ||
| 276 | /* fall through */ | ||
| 276 | case KEY_REQKEY_DEFL_THREAD_KEYRING: | 277 | case KEY_REQKEY_DEFL_THREAD_KEYRING: |
| 277 | dest_keyring = key_get(cred->thread_keyring); | 278 | dest_keyring = key_get(cred->thread_keyring); |
| 278 | if (dest_keyring) | 279 | if (dest_keyring) |
| 279 | break; | 280 | break; |
| 280 | 281 | ||
| 282 | /* fall through */ | ||
| 281 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: | 283 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: |
| 282 | dest_keyring = key_get(cred->process_keyring); | 284 | dest_keyring = key_get(cred->process_keyring); |
| 283 | if (dest_keyring) | 285 | if (dest_keyring) |
| 284 | break; | 286 | break; |
| 285 | 287 | ||
| 288 | /* fall through */ | ||
| 286 | case KEY_REQKEY_DEFL_SESSION_KEYRING: | 289 | case KEY_REQKEY_DEFL_SESSION_KEYRING: |
| 287 | rcu_read_lock(); | 290 | rcu_read_lock(); |
| 288 | dest_keyring = key_get( | 291 | dest_keyring = key_get( |
| @@ -292,6 +295,7 @@ static int construct_get_dest_keyring(struct key **_dest_keyring) | |||
| 292 | if (dest_keyring) | 295 | if (dest_keyring) |
| 293 | break; | 296 | break; |
| 294 | 297 | ||
| 298 | /* fall through */ | ||
| 295 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | 299 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: |
| 296 | dest_keyring = | 300 | dest_keyring = |
| 297 | key_get(cred->user->session_keyring); | 301 | key_get(cred->user->session_keyring); |