diff options
| author | Michael Halcrow <mhalcrow@us.ibm.com> | 2008-04-29 03:59:52 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-29 11:06:07 -0400 |
| commit | 6a3fd92e73fffd9e583650c56ad9558afe51dc5c (patch) | |
| tree | d65917432ffd0e6223dab3500819205433de22bd /fs/ecryptfs/netlink.c | |
| parent | f66e883eb6186bc43a79581b67aff7d1a69d0ff1 (diff) | |
eCryptfs: make key module subsystem respect namespaces
Make eCryptfs key module subsystem respect namespaces.
Since I will be removing the netlink interface in a future patch, I just made
changes to the netlink.c code so that it will not break the build. With my
recent patches, the kernel module currently defaults to the device handle
interface rather than the netlink interface.
[akpm@linux-foundation.org: export free_user_ns()]
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ecryptfs/netlink.c')
| -rw-r--r-- | fs/ecryptfs/netlink.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/fs/ecryptfs/netlink.c b/fs/ecryptfs/netlink.c index eb70f69d705d..e0abad62b395 100644 --- a/fs/ecryptfs/netlink.c +++ b/fs/ecryptfs/netlink.c | |||
| @@ -45,7 +45,7 @@ static struct sock *ecryptfs_nl_sock; | |||
| 45 | */ | 45 | */ |
| 46 | int ecryptfs_send_netlink(char *data, int data_len, | 46 | int ecryptfs_send_netlink(char *data, int data_len, |
| 47 | struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type, | 47 | struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type, |
| 48 | u16 msg_flags, pid_t daemon_pid) | 48 | u16 msg_flags, struct pid *daemon_pid) |
| 49 | { | 49 | { |
| 50 | struct sk_buff *skb; | 50 | struct sk_buff *skb; |
| 51 | struct nlmsghdr *nlh; | 51 | struct nlmsghdr *nlh; |
| @@ -60,7 +60,7 @@ int ecryptfs_send_netlink(char *data, int data_len, | |||
| 60 | ecryptfs_printk(KERN_ERR, "Failed to allocate socket buffer\n"); | 60 | ecryptfs_printk(KERN_ERR, "Failed to allocate socket buffer\n"); |
| 61 | goto out; | 61 | goto out; |
| 62 | } | 62 | } |
| 63 | nlh = NLMSG_PUT(skb, daemon_pid, msg_ctx ? msg_ctx->counter : 0, | 63 | nlh = NLMSG_PUT(skb, pid_nr(daemon_pid), msg_ctx ? msg_ctx->counter : 0, |
| 64 | msg_type, payload_len); | 64 | msg_type, payload_len); |
| 65 | nlh->nlmsg_flags = msg_flags; | 65 | nlh->nlmsg_flags = msg_flags; |
| 66 | if (msg_ctx && payload_len) { | 66 | if (msg_ctx && payload_len) { |
| @@ -69,7 +69,7 @@ int ecryptfs_send_netlink(char *data, int data_len, | |||
| 69 | msg->data_len = data_len; | 69 | msg->data_len = data_len; |
| 70 | memcpy(msg->data, data, data_len); | 70 | memcpy(msg->data, data, data_len); |
| 71 | } | 71 | } |
| 72 | rc = netlink_unicast(ecryptfs_nl_sock, skb, daemon_pid, 0); | 72 | rc = netlink_unicast(ecryptfs_nl_sock, skb, pid_nr(daemon_pid), 0); |
| 73 | if (rc < 0) { | 73 | if (rc < 0) { |
| 74 | ecryptfs_printk(KERN_ERR, "Failed to send eCryptfs netlink " | 74 | ecryptfs_printk(KERN_ERR, "Failed to send eCryptfs netlink " |
| 75 | "message; rc = [%d]\n", rc); | 75 | "message; rc = [%d]\n", rc); |
| @@ -99,6 +99,7 @@ static int ecryptfs_process_nl_response(struct sk_buff *skb) | |||
| 99 | { | 99 | { |
| 100 | struct nlmsghdr *nlh = nlmsg_hdr(skb); | 100 | struct nlmsghdr *nlh = nlmsg_hdr(skb); |
| 101 | struct ecryptfs_message *msg = NLMSG_DATA(nlh); | 101 | struct ecryptfs_message *msg = NLMSG_DATA(nlh); |
| 102 | struct pid *pid; | ||
| 102 | int rc; | 103 | int rc; |
| 103 | 104 | ||
| 104 | if (skb->len - NLMSG_HDRLEN - sizeof(*msg) != msg->data_len) { | 105 | if (skb->len - NLMSG_HDRLEN - sizeof(*msg) != msg->data_len) { |
| @@ -107,8 +108,10 @@ static int ecryptfs_process_nl_response(struct sk_buff *skb) | |||
| 107 | "incorrectly specified data length\n"); | 108 | "incorrectly specified data length\n"); |
| 108 | goto out; | 109 | goto out; |
| 109 | } | 110 | } |
| 110 | rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->uid, | 111 | pid = find_get_pid(NETLINK_CREDS(skb)->pid); |
| 111 | NETLINK_CREDS(skb)->pid, nlh->nlmsg_seq); | 112 | rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->uid, NULL, |
| 113 | pid, nlh->nlmsg_seq); | ||
| 114 | put_pid(pid); | ||
| 112 | if (rc) | 115 | if (rc) |
| 113 | printk(KERN_ERR | 116 | printk(KERN_ERR |
| 114 | "Error processing response message; rc = [%d]\n", rc); | 117 | "Error processing response message; rc = [%d]\n", rc); |
| @@ -126,11 +129,13 @@ out: | |||
| 126 | */ | 129 | */ |
| 127 | static int ecryptfs_process_nl_helo(struct sk_buff *skb) | 130 | static int ecryptfs_process_nl_helo(struct sk_buff *skb) |
| 128 | { | 131 | { |
| 132 | struct pid *pid; | ||
| 129 | int rc; | 133 | int rc; |
| 130 | 134 | ||
| 135 | pid = find_get_pid(NETLINK_CREDS(skb)->pid); | ||
| 131 | rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_NETLINK, | 136 | rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_NETLINK, |
| 132 | NETLINK_CREDS(skb)->uid, | 137 | NETLINK_CREDS(skb)->uid, NULL, pid); |
| 133 | NETLINK_CREDS(skb)->pid); | 138 | put_pid(pid); |
| 134 | if (rc) | 139 | if (rc) |
| 135 | printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc); | 140 | printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc); |
| 136 | return rc; | 141 | return rc; |
| @@ -147,10 +152,12 @@ static int ecryptfs_process_nl_helo(struct sk_buff *skb) | |||
| 147 | */ | 152 | */ |
| 148 | static int ecryptfs_process_nl_quit(struct sk_buff *skb) | 153 | static int ecryptfs_process_nl_quit(struct sk_buff *skb) |
| 149 | { | 154 | { |
| 155 | struct pid *pid; | ||
| 150 | int rc; | 156 | int rc; |
| 151 | 157 | ||
| 152 | rc = ecryptfs_process_quit(NETLINK_CREDS(skb)->uid, | 158 | pid = find_get_pid(NETLINK_CREDS(skb)->pid); |
| 153 | NETLINK_CREDS(skb)->pid); | 159 | rc = ecryptfs_process_quit(NETLINK_CREDS(skb)->uid, NULL, pid); |
| 160 | put_pid(pid); | ||
| 154 | if (rc) | 161 | if (rc) |
| 155 | printk(KERN_WARNING | 162 | printk(KERN_WARNING |
| 156 | "Error processing QUIT message; rc = [%d]\n", rc); | 163 | "Error processing QUIT message; rc = [%d]\n", rc); |