aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2014-07-22 16:55:45 -0400
committerDavid Howells <dhowells@redhat.com>2014-07-22 16:55:45 -0400
commit633706a2ee81637be37b6bc02c5336950cc163b5 (patch)
tree5dad64c393d3b12276b35c5835c40c6d78f606a2 /security
parent64724cfc6eea920dbaada14f0fb978b1dd31192d (diff)
parent0d1f64f60b4c50a8c604010ad3eef5cdfe9926bc (diff)
Merge branch 'keys-fixes' into keys-next
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/keys/keyctl.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 8a8c23357291..e26f860e5f2e 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -406,12 +406,25 @@ long keyctl_invalidate_key(key_serial_t id)
406 key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH); 406 key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH);
407 if (IS_ERR(key_ref)) { 407 if (IS_ERR(key_ref)) {
408 ret = PTR_ERR(key_ref); 408 ret = PTR_ERR(key_ref);
409
410 /* Root is permitted to invalidate certain special keys */
411 if (capable(CAP_SYS_ADMIN)) {
412 key_ref = lookup_user_key(id, 0, 0);
413 if (IS_ERR(key_ref))
414 goto error;
415 if (test_bit(KEY_FLAG_ROOT_CAN_INVAL,
416 &key_ref_to_ptr(key_ref)->flags))
417 goto invalidate;
418 goto error_put;
419 }
420
409 goto error; 421 goto error;
410 } 422 }
411 423
424invalidate:
412 key_invalidate(key_ref_to_ptr(key_ref)); 425 key_invalidate(key_ref_to_ptr(key_ref));
413 ret = 0; 426 ret = 0;
414 427error_put:
415 key_ref_put(key_ref); 428 key_ref_put(key_ref);
416error: 429error:
417 kleave(" = %ld", ret); 430 kleave(" = %ld", ret);