aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2006-06-26 03:24:50 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-26 12:58:18 -0400
commit7e047ef5fe2d52e83020e856b1bf2556a6a2ce98 (patch)
tree97656e2c56a27be9d1da451dde627b693b8643f2 /security/selinux
parentf116629d03655adaf7832b93b03c99391d09d4a7 (diff)
[PATCH] keys: sort out key quota system
Add the ability for key creation to overrun the user's quota in some circumstances - notably when a session keyring is created and assigned to a process that didn't previously have one. This means it's still possible to log in, should PAM require the creation of a new session keyring, and fix an overburdened key quota. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 79c16e31c884..13384fef0d60 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4264,7 +4264,8 @@ static int selinux_setprocattr(struct task_struct *p,
4264 4264
4265#ifdef CONFIG_KEYS 4265#ifdef CONFIG_KEYS
4266 4266
4267static int selinux_key_alloc(struct key *k, struct task_struct *tsk) 4267static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
4268 unsigned long flags)
4268{ 4269{
4269 struct task_security_struct *tsec = tsk->security; 4270 struct task_security_struct *tsec = tsk->security;
4270 struct key_security_struct *ksec; 4271 struct key_security_struct *ksec;
@@ -4513,8 +4514,10 @@ static __init int selinux_init(void)
4513 4514
4514#ifdef CONFIG_KEYS 4515#ifdef CONFIG_KEYS
4515 /* Add security information to initial keyrings */ 4516 /* Add security information to initial keyrings */
4516 security_key_alloc(&root_user_keyring, current); 4517 security_key_alloc(&root_user_keyring, current,
4517 security_key_alloc(&root_session_keyring, current); 4518 KEY_ALLOC_NOT_IN_QUOTA);
4519 security_key_alloc(&root_session_keyring, current,
4520 KEY_ALLOC_NOT_IN_QUOTA);
4518#endif 4521#endif
4519 4522
4520 return 0; 4523 return 0;