aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2009-09-02 04:13:50 -0400
committerJames Morris <jmorris@namei.org>2009-09-02 07:29:06 -0400
commit0c2c9a3fc77e8b60d43d9bd2ca46eb4dddb0ff76 (patch)
treee718aa64ab3b5d4fd73f7a837ee9ea0debfcc773 /security
parent5593122eec26b061cc0b6fbff32118f1aadf4a27 (diff)
KEYS: Allow keyctl_revoke() on keys that have SETATTR but not WRITE perm [try #6]
Allow keyctl_revoke() to operate on keys that have SETATTR but not WRITE permission, rather than only on keys that have WRITE permission. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/keys/keyctl.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index b85ace21839..1160b644dac 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -343,7 +343,13 @@ long keyctl_revoke_key(key_serial_t id)
343 key_ref = lookup_user_key(id, 0, KEY_WRITE); 343 key_ref = lookup_user_key(id, 0, KEY_WRITE);
344 if (IS_ERR(key_ref)) { 344 if (IS_ERR(key_ref)) {
345 ret = PTR_ERR(key_ref); 345 ret = PTR_ERR(key_ref);
346 goto error; 346 if (ret != -EACCES)
347 goto error;
348 key_ref = lookup_user_key(id, 0, KEY_SETATTR);
349 if (IS_ERR(key_ref)) {
350 ret = PTR_ERR(key_ref);
351 goto error;
352 }
347 } 353 }
348 354
349 key_revoke(key_ref_to_ptr(key_ref)); 355 key_revoke(key_ref_to_ptr(key_ref));