diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:20 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:20 -0500 |
| commit | bb952bb98a7e479262c7eb25d5592545a3af147d (patch) | |
| tree | 9a2158c07a22a5fbddcec412944d2e7534eecc8f /include | |
| parent | 275bb41e9d058fbb327e7642f077e1beaeac162e (diff) | |
CRED: Separate per-task-group keyrings from signal_struct
Separate per-task-group keyrings from signal_struct and dangle their anchor
from the cred struct rather than the signal_struct.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/cred.h | 16 | ||||
| -rw-r--r-- | include/linux/key.h | 8 | ||||
| -rw-r--r-- | include/linux/sched.h | 6 |
3 files changed, 18 insertions, 12 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h index 166ce4ddba64..62b9e532422d 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h | |||
| @@ -72,6 +72,21 @@ extern int in_group_p(gid_t); | |||
| 72 | extern int in_egroup_p(gid_t); | 72 | extern int in_egroup_p(gid_t); |
| 73 | 73 | ||
| 74 | /* | 74 | /* |
| 75 | * The common credentials for a thread group | ||
| 76 | * - shared by CLONE_THREAD | ||
| 77 | */ | ||
| 78 | #ifdef CONFIG_KEYS | ||
| 79 | struct thread_group_cred { | ||
| 80 | atomic_t usage; | ||
| 81 | pid_t tgid; /* thread group process ID */ | ||
| 82 | spinlock_t lock; | ||
| 83 | struct key *session_keyring; /* keyring inherited over fork */ | ||
| 84 | struct key *process_keyring; /* keyring private to this process */ | ||
| 85 | struct rcu_head rcu; /* RCU deletion hook */ | ||
| 86 | }; | ||
| 87 | #endif | ||
| 88 | |||
| 89 | /* | ||
| 75 | * The security context of a task | 90 | * The security context of a task |
| 76 | * | 91 | * |
| 77 | * The parts of the context break down into two categories: | 92 | * The parts of the context break down into two categories: |
| @@ -114,6 +129,7 @@ struct cred { | |||
| 114 | * keys to */ | 129 | * keys to */ |
| 115 | struct key *thread_keyring; /* keyring private to this thread */ | 130 | struct key *thread_keyring; /* keyring private to this thread */ |
| 116 | struct key *request_key_auth; /* assumed request_key authority */ | 131 | struct key *request_key_auth; /* assumed request_key authority */ |
| 132 | struct thread_group_cred *tgcred; /* thread-group shared credentials */ | ||
| 117 | #endif | 133 | #endif |
| 118 | #ifdef CONFIG_SECURITY | 134 | #ifdef CONFIG_SECURITY |
| 119 | void *security; /* subjective LSM security */ | 135 | void *security; /* subjective LSM security */ |
diff --git a/include/linux/key.h b/include/linux/key.h index df709e1af3cd..0836cc838b0c 100644 --- a/include/linux/key.h +++ b/include/linux/key.h | |||
| @@ -278,9 +278,7 @@ extern ctl_table key_sysctls[]; | |||
| 278 | */ | 278 | */ |
| 279 | extern void switch_uid_keyring(struct user_struct *new_user); | 279 | extern void switch_uid_keyring(struct user_struct *new_user); |
| 280 | extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk); | 280 | extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk); |
| 281 | extern int copy_thread_group_keys(struct task_struct *tsk); | ||
| 282 | extern void exit_keys(struct task_struct *tsk); | 281 | extern void exit_keys(struct task_struct *tsk); |
| 283 | extern void exit_thread_group_keys(struct signal_struct *tg); | ||
| 284 | extern int suid_keys(struct task_struct *tsk); | 282 | extern int suid_keys(struct task_struct *tsk); |
| 285 | extern int exec_keys(struct task_struct *tsk); | 283 | extern int exec_keys(struct task_struct *tsk); |
| 286 | extern void key_fsuid_changed(struct task_struct *tsk); | 284 | extern void key_fsuid_changed(struct task_struct *tsk); |
| @@ -289,8 +287,8 @@ extern void key_init(void); | |||
| 289 | 287 | ||
| 290 | #define __install_session_keyring(keyring) \ | 288 | #define __install_session_keyring(keyring) \ |
| 291 | ({ \ | 289 | ({ \ |
| 292 | struct key *old_session = current->signal->session_keyring; \ | 290 | struct key *old_session = current->cred->tgcred->session_keyring; \ |
| 293 | current->signal->session_keyring = keyring; \ | 291 | current->cred->tgcred->session_keyring = keyring; \ |
| 294 | old_session; \ | 292 | old_session; \ |
| 295 | }) | 293 | }) |
| 296 | 294 | ||
| @@ -308,9 +306,7 @@ extern void key_init(void); | |||
| 308 | #define switch_uid_keyring(u) do { } while(0) | 306 | #define switch_uid_keyring(u) do { } while(0) |
| 309 | #define __install_session_keyring(k) ({ NULL; }) | 307 | #define __install_session_keyring(k) ({ NULL; }) |
| 310 | #define copy_keys(f,t) 0 | 308 | #define copy_keys(f,t) 0 |
| 311 | #define copy_thread_group_keys(t) 0 | ||
| 312 | #define exit_keys(t) do { } while(0) | 309 | #define exit_keys(t) do { } while(0) |
| 313 | #define exit_thread_group_keys(tg) do { } while(0) | ||
| 314 | #define suid_keys(t) do { } while(0) | 310 | #define suid_keys(t) do { } while(0) |
| 315 | #define exec_keys(t) do { } while(0) | 311 | #define exec_keys(t) do { } while(0) |
| 316 | #define key_fsuid_changed(t) do { } while(0) | 312 | #define key_fsuid_changed(t) do { } while(0) |
diff --git a/include/linux/sched.h b/include/linux/sched.h index 740cf946c8cc..2913252989b3 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h | |||
| @@ -571,12 +571,6 @@ struct signal_struct { | |||
| 571 | */ | 571 | */ |
| 572 | struct rlimit rlim[RLIM_NLIMITS]; | 572 | struct rlimit rlim[RLIM_NLIMITS]; |
| 573 | 573 | ||
| 574 | /* keep the process-shared keyrings here so that they do the right | ||
| 575 | * thing in threads created with CLONE_THREAD */ | ||
| 576 | #ifdef CONFIG_KEYS | ||
| 577 | struct key *session_keyring; /* keyring inherited over fork */ | ||
| 578 | struct key *process_keyring; /* keyring private to this process */ | ||
| 579 | #endif | ||
| 580 | #ifdef CONFIG_BSD_PROCESS_ACCT | 574 | #ifdef CONFIG_BSD_PROCESS_ACCT |
| 581 | struct pacct_struct pacct; /* per-process accounting information */ | 575 | struct pacct_struct pacct; /* per-process accounting information */ |
| 582 | #endif | 576 | #endif |