keys: distinguish per-uid keys in different namespaces

per-uid keys were looked by uid only. Use the user namespace to distinguish the same uid in different namespaces. This does not address key_permission. So a task can for instance try to join a keyring owned by the same uid in another namespace. That will be handled by a separate patch. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Serge E. Hallyn <serue@us.ibm.com> 2009-02-26 19:27:38 -0500
committer: James Morris <jmorris@namei.org> 2009-02-26 20:35:06 -0500
commit: 1d1e97562e5e2ac60fb7b25437ba619f95f67fab (patch)
tree: 68a9c52ecbff0782dd9b9438685afc3b40b6f707 /security/keys/process_keys.c
parent: be38e0fd5f90a91d09e0a85ffb294b70a7be6259 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 2f5d89e92b85..276d27882ce8 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -17,6 +17,7 @@
 #include <linux/fs.h>
 #include <linux/err.h>
 #include <linux/mutex.h>
+#include <linux/user_namespace.h>
 #include <asm/uaccess.h>
 #include "internal.h"
@@ -34,6 +35,7 @@ struct key_user root_key_user = {
        .nkeys          = ATOMIC_INIT(2),
        .nikeys         = ATOMIC_INIT(2),
        .uid            = 0,
+        .user_ns        = &init_user_ns,
 };
 /*****************************************************************************/
author	Serge E. Hallyn <serue@us.ibm.com>	2009-02-26 19:27:38 -0500
committer	James Morris <jmorris@namei.org>	2009-02-26 20:35:06 -0500
commit	1d1e97562e5e2ac60fb7b25437ba619f95f67fab (patch)
tree	68a9c52ecbff0782dd9b9438685afc3b40b6f707 /security/keys/process_keys.c
parent	be38e0fd5f90a91d09e0a85ffb294b70a7be6259 (diff)