diff options
| author | David Howells <dhowells@redhat.com> | 2006-06-26 03:24:50 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-26 12:58:18 -0400 |
| commit | 7e047ef5fe2d52e83020e856b1bf2556a6a2ce98 (patch) | |
| tree | 97656e2c56a27be9d1da451dde627b693b8643f2 /include/linux/security.h | |
| parent | f116629d03655adaf7832b93b03c99391d09d4a7 (diff) | |
[PATCH] keys: sort out key quota system
Add the ability for key creation to overrun the user's quota in some
circumstances - notably when a session keyring is created and assigned to a
process that didn't previously have one.
This means it's still possible to log in, should PAM require the creation of a
new session keyring, and fix an overburdened key quota.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index d2c17bd91a29..51805806f974 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -862,6 +862,7 @@ struct swap_info_struct; | |||
| 862 | * Permit allocation of a key and assign security data. Note that key does | 862 | * Permit allocation of a key and assign security data. Note that key does |
| 863 | * not have a serial number assigned at this point. | 863 | * not have a serial number assigned at this point. |
| 864 | * @key points to the key. | 864 | * @key points to the key. |
| 865 | * @flags is the allocation flags | ||
| 865 | * Return 0 if permission is granted, -ve error otherwise. | 866 | * Return 0 if permission is granted, -ve error otherwise. |
| 866 | * @key_free: | 867 | * @key_free: |
| 867 | * Notification of destruction; free security data. | 868 | * Notification of destruction; free security data. |
| @@ -1324,7 +1325,7 @@ struct security_operations { | |||
| 1324 | 1325 | ||
| 1325 | /* key management security hooks */ | 1326 | /* key management security hooks */ |
| 1326 | #ifdef CONFIG_KEYS | 1327 | #ifdef CONFIG_KEYS |
| 1327 | int (*key_alloc)(struct key *key, struct task_struct *tsk); | 1328 | int (*key_alloc)(struct key *key, struct task_struct *tsk, unsigned long flags); |
| 1328 | void (*key_free)(struct key *key); | 1329 | void (*key_free)(struct key *key); |
| 1329 | int (*key_permission)(key_ref_t key_ref, | 1330 | int (*key_permission)(key_ref_t key_ref, |
| 1330 | struct task_struct *context, | 1331 | struct task_struct *context, |
| @@ -3040,9 +3041,10 @@ static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid | |||
| 3040 | #ifdef CONFIG_KEYS | 3041 | #ifdef CONFIG_KEYS |
| 3041 | #ifdef CONFIG_SECURITY | 3042 | #ifdef CONFIG_SECURITY |
| 3042 | static inline int security_key_alloc(struct key *key, | 3043 | static inline int security_key_alloc(struct key *key, |
| 3043 | struct task_struct *tsk) | 3044 | struct task_struct *tsk, |
| 3045 | unsigned long flags) | ||
| 3044 | { | 3046 | { |
| 3045 | return security_ops->key_alloc(key, tsk); | 3047 | return security_ops->key_alloc(key, tsk, flags); |
| 3046 | } | 3048 | } |
| 3047 | 3049 | ||
| 3048 | static inline void security_key_free(struct key *key) | 3050 | static inline void security_key_free(struct key *key) |
| @@ -3060,7 +3062,8 @@ static inline int security_key_permission(key_ref_t key_ref, | |||
| 3060 | #else | 3062 | #else |
| 3061 | 3063 | ||
| 3062 | static inline int security_key_alloc(struct key *key, | 3064 | static inline int security_key_alloc(struct key *key, |
| 3063 | struct task_struct *tsk) | 3065 | struct task_struct *tsk, |
| 3066 | unsigned long flags) | ||
| 3064 | { | 3067 | { |
| 3065 | return 0; | 3068 | return 0; |
| 3066 | } | 3069 | } |