diff options
author | David Howells <dhowells@redhat.com> | 2006-06-26 03:24:50 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-26 12:58:18 -0400 |
commit | 7e047ef5fe2d52e83020e856b1bf2556a6a2ce98 (patch) | |
tree | 97656e2c56a27be9d1da451dde627b693b8643f2 /security/selinux | |
parent | f116629d03655adaf7832b93b03c99391d09d4a7 (diff) |
[PATCH] keys: sort out key quota system
Add the ability for key creation to overrun the user's quota in some
circumstances - notably when a session keyring is created and assigned to a
process that didn't previously have one.
This means it's still possible to log in, should PAM require the creation of a
new session keyring, and fix an overburdened key quota.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/hooks.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 79c16e31c884..13384fef0d60 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -4264,7 +4264,8 @@ static int selinux_setprocattr(struct task_struct *p, | |||
4264 | 4264 | ||
4265 | #ifdef CONFIG_KEYS | 4265 | #ifdef CONFIG_KEYS |
4266 | 4266 | ||
4267 | static int selinux_key_alloc(struct key *k, struct task_struct *tsk) | 4267 | static int selinux_key_alloc(struct key *k, struct task_struct *tsk, |
4268 | unsigned long flags) | ||
4268 | { | 4269 | { |
4269 | struct task_security_struct *tsec = tsk->security; | 4270 | struct task_security_struct *tsec = tsk->security; |
4270 | struct key_security_struct *ksec; | 4271 | struct key_security_struct *ksec; |
@@ -4513,8 +4514,10 @@ static __init int selinux_init(void) | |||
4513 | 4514 | ||
4514 | #ifdef CONFIG_KEYS | 4515 | #ifdef CONFIG_KEYS |
4515 | /* Add security information to initial keyrings */ | 4516 | /* Add security information to initial keyrings */ |
4516 | security_key_alloc(&root_user_keyring, current); | 4517 | security_key_alloc(&root_user_keyring, current, |
4517 | security_key_alloc(&root_session_keyring, current); | 4518 | KEY_ALLOC_NOT_IN_QUOTA); |
4519 | security_key_alloc(&root_session_keyring, current, | ||
4520 | KEY_ALLOC_NOT_IN_QUOTA); | ||
4518 | #endif | 4521 | #endif |
4519 | 4522 | ||
4520 | return 0; | 4523 | return 0; |