author | David Howells <dhowells@redhat.com> | 2014-07-22 16:55:45 -0400 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2014-07-22 16:55:45 -0400 |
commit | 633706a2ee81637be37b6bc02c5336950cc163b5 (patch) | |
tree | 5dad64c393d3b12276b35c5835c40c6d78f606a2 /security | |
parent | 64724cfc6eea920dbaada14f0fb978b1dd31192d (diff) | |
parent | 0d1f64f60b4c50a8c604010ad3eef5cdfe9926bc (diff) |
Merge branch 'keys-fixes' into keys-next
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/keys/keyctl.c | 15 |
1 files changed, 14 insertions, 1 deletions
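--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -406,12 +406,25 @@ long keyctl_invalidate_key(key_serial_t id)
 key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH);
 if (IS_ERR(key_ref)) {
 ret = PTR_ERR(key_ref);
+
+/* Root is permitted to invalidate certain special keys */
+if (capable(CAP_SYS_ADMIN)) {
+key_ref = lookup_user_key(id, 0, 0);
+if (IS_ERR(key_ref))
+goto error;
+if (test_bit(KEY_FLAG_ROOT_CAN_INVAL,
+&key_ref_to_ptr(key_ref)->flags))
+goto invalidate;
+goto error_put;
+}
+
 goto error;
 }
 
+invalidate:
 key_invalidate(key_ref_to_ptr(key_ref));
 ret = 0;
-
+error_put:
 key_ref_put(key_ref);
 error:
 kleave(" = %ld", ret);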
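Review bot: The CAP_SYS_ADMIN fallback inside the `IS_ERR(key_ref)` branch runs for every error the first `lookup_user_key()` returns, not only a permission denial, so `capable()` is consulted even when the key simply does not exist. If the override is meant only for keys the caller may not search, gate it on the error, e.g. `if (ret == -EACCES && capable(CAP_SYS_ADMIN)) {`, assuming a failed permission check is reported as -EACCES (lookup_user_key() is not visible here). The bare `0` permission argument in `lookup_user_key(id, 0, 0)` presumably requests no permission bits, which leaves KEY_FLAG_ROOT_CAN_INVAL as the only gate; a comment such as `/* perm 0: no key permission required; the flag test below is the gate */` would make that explicit. `ret` keeps the first lookup's error on both the `goto error` and `goto error_put` exits, which looks intentional but is worth a word in the same comment. keyctl_invalidate_key() begins and ends outside the hunk.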