aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSerge E. Hallyn <serue@us.ibm.com>2009-02-26 19:28:04 -0500
committerJames Morris <jmorris@namei.org>2009-02-26 20:35:15 -0500
commit454804ab0302b354e35d992d08e53fe03313baaf (patch)
treee01a4928e19ac2e8318bc88d0b79970cccc60665
parent2ea190d0a006ce5218baa6e798512652446a605a (diff)
keys: make procfiles per-user-namespace
Restrict the /proc/keys and /proc/key-users output to keys belonging to the same user namespace as the reading task. We may want to make this more complicated - so that any keys in a user-namespace which is belongs to the reading task are also shown. But let's see if anyone wants that first. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/keys/proc.c55
1 files changed, 49 insertions, 6 deletions
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 7f508def50e3..769f9bdfd2b3 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -91,6 +91,28 @@ __initcall(key_proc_init);
91 */ 91 */
92#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS 92#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
93 93
94static struct rb_node *__key_serial_next(struct rb_node *n)
95{
96 while (n) {
97 struct key *key = rb_entry(n, struct key, serial_node);
98 if (key->user->user_ns == current_user_ns())
99 break;
100 n = rb_next(n);
101 }
102 return n;
103}
104
105static struct rb_node *key_serial_next(struct rb_node *n)
106{
107 return __key_serial_next(rb_next(n));
108}
109
110static struct rb_node *key_serial_first(struct rb_root *r)
111{
112 struct rb_node *n = rb_first(r);
113 return __key_serial_next(n);
114}
115
94static int proc_keys_open(struct inode *inode, struct file *file) 116static int proc_keys_open(struct inode *inode, struct file *file)
95{ 117{
96 return seq_open(file, &proc_keys_ops); 118 return seq_open(file, &proc_keys_ops);
@@ -104,10 +126,10 @@ static void *proc_keys_start(struct seq_file *p, loff_t *_pos)
104 126
105 spin_lock(&key_serial_lock); 127 spin_lock(&key_serial_lock);
106 128
107 _p = rb_first(&key_serial_tree); 129 _p = key_serial_first(&key_serial_tree);
108 while (pos > 0 && _p) { 130 while (pos > 0 && _p) {
109 pos--; 131 pos--;
110 _p = rb_next(_p); 132 _p = key_serial_next(_p);
111 } 133 }
112 134
113 return _p; 135 return _p;
@@ -117,7 +139,7 @@ static void *proc_keys_start(struct seq_file *p, loff_t *_pos)
117static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos) 139static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos)
118{ 140{
119 (*_pos)++; 141 (*_pos)++;
120 return rb_next((struct rb_node *) v); 142 return key_serial_next((struct rb_node *) v);
121 143
122} 144}
123 145
@@ -203,6 +225,27 @@ static int proc_keys_show(struct seq_file *m, void *v)
203 225
204#endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */ 226#endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */
205 227
228static struct rb_node *__key_user_next(struct rb_node *n)
229{
230 while (n) {
231 struct key_user *user = rb_entry(n, struct key_user, node);
232 if (user->user_ns == current_user_ns())
233 break;
234 n = rb_next(n);
235 }
236 return n;
237}
238
239static struct rb_node *key_user_next(struct rb_node *n)
240{
241 return __key_user_next(rb_next(n));
242}
243
244static struct rb_node *key_user_first(struct rb_root *r)
245{
246 struct rb_node *n = rb_first(r);
247 return __key_user_next(n);
248}
206/*****************************************************************************/ 249/*****************************************************************************/
207/* 250/*
208 * implement "/proc/key-users" to provides a list of the key users 251 * implement "/proc/key-users" to provides a list of the key users
@@ -220,10 +263,10 @@ static void *proc_key_users_start(struct seq_file *p, loff_t *_pos)
220 263
221 spin_lock(&key_user_lock); 264 spin_lock(&key_user_lock);
222 265
223 _p = rb_first(&key_user_tree); 266 _p = key_user_first(&key_user_tree);
224 while (pos > 0 && _p) { 267 while (pos > 0 && _p) {
225 pos--; 268 pos--;
226 _p = rb_next(_p); 269 _p = key_user_next(_p);
227 } 270 }
228 271
229 return _p; 272 return _p;
@@ -233,7 +276,7 @@ static void *proc_key_users_start(struct seq_file *p, loff_t *_pos)
233static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos) 276static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos)
234{ 277{
235 (*_pos)++; 278 (*_pos)++;
236 return rb_next((struct rb_node *) v); 279 return key_user_next((struct rb_node *) v);
237 280
238} 281}
239 282