Merge branch 'next-queue' into next

author: James Morris <jmorris@namei.org> 2012-02-09 01:02:34 -0500
committer: James Morris <jmorris@namei.org> 2012-02-09 01:02:34 -0500
commit: 9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c (patch)
tree: 2750d9fc94b8fb78d9982ea4a62d586e7f0a7862 /security/keys
parent: 2eb6038c51034bf7f9335b15ce9238a028fdd2d6 (diff)
parent: 4c2c392763a682354fac65b6a569adec4e4b5387 (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 0b3f5d72af1c..6523599e9ac0 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -388,11 +388,24 @@ long keyctl_keyring_clear(key_serial_t ringid)
        keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
        if (IS_ERR(keyring_ref)) {
                ret = PTR_ERR(keyring_ref);
+                /* Root is permitted to invalidate certain special keyrings */
+                if (capable(CAP_SYS_ADMIN)) {
+                        keyring_ref = lookup_user_key(ringid, 0, 0);
+                        if (IS_ERR(keyring_ref))
+                                goto error;
+                        if (test_bit(KEY_FLAG_ROOT_CAN_CLEAR,
+                                     &key_ref_to_ptr(keyring_ref)->flags))
+                                goto clear;
+                        goto error_put;
+                }
                goto error;
        }
+clear:
        ret = keyring_clear(key_ref_to_ptr(keyring_ref));
+error_put:
        key_ref_put(keyring_ref);
 error:
        return ret;
author	James Morris <jmorris@namei.org>	2012-02-09 01:02:34 -0500
committer	James Morris <jmorris@namei.org>	2012-02-09 01:02:34 -0500
commit	9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c (patch)
tree	2750d9fc94b8fb78d9982ea4a62d586e7f0a7862 /security/keys
parent	2eb6038c51034bf7f9335b15ce9238a028fdd2d6 (diff)
parent	4c2c392763a682354fac65b6a569adec4e4b5387 (diff)

diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 0b3f5d72af1c..6523599e9ac0 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c
@@ -388,11 +388,24 @@ long keyctl_keyring_clear(key_serial_t ringid)
388	keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);	388	keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
389	if (IS_ERR(keyring_ref)) {	389	if (IS_ERR(keyring_ref)) {
390	ret = PTR_ERR(keyring_ref);	390	ret = PTR_ERR(keyring_ref);
		391
		392	/* Root is permitted to invalidate certain special keyrings */
		393	if (capable(CAP_SYS_ADMIN)) {
		394	keyring_ref = lookup_user_key(ringid, 0, 0);
		395	if (IS_ERR(keyring_ref))
		396	goto error;
		397	if (test_bit(KEY_FLAG_ROOT_CAN_CLEAR,
		398	&key_ref_to_ptr(keyring_ref)->flags))
		399	goto clear;
		400	goto error_put;
		401	}
		402
391	goto error;	403	goto error;
392	}	404	}
393		405
		406	clear:
394	ret = keyring_clear(key_ref_to_ptr(keyring_ref));	407	ret = keyring_clear(key_ref_to_ptr(keyring_ref));
395		408	error_put:
396	key_ref_put(keyring_ref);	409	key_ref_put(keyring_ref);
397	error:	410	error:
398	return ret;	411	return ret;