CRED: Separate per-task-group keyrings from signal_struct

Separate per-task-group keyrings from signal_struct and dangle their anchor from the cred struct rather than the signal_struct. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: James Morris <jmorris@namei.org> Signed-off-by: James Morris <jmorris@namei.org>
author: David Howells <dhowells@redhat.com> 2008-11-13 18:39:20 -0500
committer: James Morris <jmorris@namei.org> 2008-11-13 18:39:20 -0500
commit: bb952bb98a7e479262c7eb25d5592545a3af147d (patch)
tree: 9a2158c07a22a5fbddcec412944d2e7534eecc8f /include/linux/cred.h
parent: 275bb41e9d058fbb327e7642f077e1beaeac162e (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 166ce4ddba64..62b9e532422d 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -72,6 +72,21 @@ extern int in_group_p(gid_t);
 extern int in_egroup_p(gid_t);
 /*
+ * The common credentials for a thread group
+ * - shared by CLONE_THREAD
+ */
+#ifdef CONFIG_KEYS
+struct thread_group_cred {
+        atomic_t        usage;
+        pid_t           tgid;                   /* thread group process ID */
+        spinlock_t      lock;
+        struct key      *session_keyring;       /* keyring inherited over fork */
+        struct key      *process_keyring;       /* keyring private to this process */
+        struct rcu_head rcu;                    /* RCU deletion hook */
+};
+#endif
+/*
 * The security context of a task
 *
 * The parts of the context break down into two categories:
@@ -114,6 +129,7 @@ struct cred {
                                         * keys to */
        struct key      *thread_keyring; /* keyring private to this thread */
        struct key      *request_key_auth; /* assumed request_key authority */
+        struct thread_group_cred *tgcred; /* thread-group shared credentials */
 #endif
 #ifdef CONFIG_SECURITY
        void            *security;      /* subjective LSM security */
author	David Howells <dhowells@redhat.com>	2008-11-13 18:39:20 -0500
committer	James Morris <jmorris@namei.org>	2008-11-13 18:39:20 -0500
commit	bb952bb98a7e479262c7eb25d5592545a3af147d (patch)
tree	9a2158c07a22a5fbddcec412944d2e7534eecc8f /include/linux/cred.h
parent	275bb41e9d058fbb327e7642f077e1beaeac162e (diff)

diff --git a/include/linux/cred.h b/include/linux/cred.h index 166ce4ddba64..62b9e532422d 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h
@@ -72,6 +72,21 @@ extern int in_group_p(gid_t);
72	extern int in_egroup_p(gid_t);	72	extern int in_egroup_p(gid_t);
73		73
74	/*	74	/*
		75	* The common credentials for a thread group
		76	* - shared by CLONE_THREAD
		77	*/
		78	#ifdef CONFIG_KEYS
		79	struct thread_group_cred {
		80	atomic_t usage;
		81	pid_t tgid; /* thread group process ID */
		82	spinlock_t lock;
		83	struct key session_keyring; / keyring inherited over fork */
		84	struct key process_keyring; / keyring private to this process */
		85	struct rcu_head rcu; /* RCU deletion hook */
		86	};
		87	#endif
		88
		89	/*
75	* The security context of a task	90	* The security context of a task
76	*	91	*
77	* The parts of the context break down into two categories:	92	* The parts of the context break down into two categories:
@@ -114,6 +129,7 @@ struct cred {
114	* keys to */	129	* keys to */
115	struct key thread_keyring; / keyring private to this thread */	130	struct key thread_keyring; / keyring private to this thread */
116	struct key request_key_auth; / assumed request_key authority */	131	struct key request_key_auth; / assumed request_key authority */
		132	struct thread_group_cred tgcred; / thread-group shared credentials */
117	#endif	133	#endif
118	#ifdef CONFIG_SECURITY	134	#ifdef CONFIG_SECURITY
119	void security; / subjective LSM security */	135	void security; / subjective LSM security */