author | Serge E. Hallyn <serue@us.ibm.com> | 2009-02-26 19:27:38 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-02-26 20:35:06 -0500 |
commit | 1d1e97562e5e2ac60fb7b25437ba619f95f67fab (patch) | |
tree | 68a9c52ecbff0782dd9b9438685afc3b40b6f707 /security/keys/internal.h | |
parent | be38e0fd5f90a91d09e0a85ffb294b70a7be6259 (diff) |
keys: distinguish per-uid keys in different namespaces
per-uid keys were looked up by uid only. Use the user namespace
to distinguish the same uid in different namespaces.
This does not address key_permission. So a task can for instance
try to join a keyring owned by the same uid in another namespace.
That will be handled by a separate patch.
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys/internal.h')
-rw-r--r-- | security/keys/internal.h | 4 |
1 files changed, 3 insertions, 1 deletions
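--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -53,6 +53,7 @@ struct key_user {
 atomic_t nkeys; /* number of keys */
 atomic_t nikeys; /* number of instantiated keys */
 uid_t uid;
+struct user_namespace *user_ns;
 int qnkeys; /* number of keys allocated to this user */
 int qnbytes; /* number of bytes allocated to this user */
 };
@@ -61,7 +62,8 @@ extern struct rb_root key_user_tree;
 extern spinlock_t key_user_lock;
 extern struct key_user root_key_user;
 
-extern struct key_user *key_user_lookup(uid_t uid);
+extern struct key_user *key_user_lookup(uid_t uid,
+struct user_namespace *user_ns);
 extern void key_user_put(struct key_user *user);
 
 /*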
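Review bot: The new `user_ns` member of struct key_user is a bare pointer with no comment saying whether the record holds a reference on the namespace, even though it now forms part of the lookup key alongside `uid`. This diff is limited to internal.h, so whether key_user_lookup() takes a reference and key_user_put() drops it cannot be confirmed from here. If a record could outlive its namespace without one, later comparisons in key_user_tree would read a stale pointer. I would state the contract on the field, for example `struct user_namespace *user_ns; /* namespace uid belongs to; ref held for the record's lifetime */`, adjusted to match what the .c side actually does. struct key_user begins above the first hunk.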