diff options
Diffstat (limited to 'security/keys/process_keys.c')
| -rw-r--r-- | security/keys/process_keys.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 54339cfd6734..a58f712605d8 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
| @@ -34,8 +34,7 @@ struct key_user root_key_user = { | |||
| 34 | .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), | 34 | .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), |
| 35 | .nkeys = ATOMIC_INIT(2), | 35 | .nkeys = ATOMIC_INIT(2), |
| 36 | .nikeys = ATOMIC_INIT(2), | 36 | .nikeys = ATOMIC_INIT(2), |
| 37 | .uid = 0, | 37 | .uid = GLOBAL_ROOT_UID, |
| 38 | .user_ns = &init_user_ns, | ||
| 39 | }; | 38 | }; |
| 40 | 39 | ||
| 41 | /* | 40 | /* |
| @@ -48,11 +47,13 @@ int install_user_keyrings(void) | |||
| 48 | struct key *uid_keyring, *session_keyring; | 47 | struct key *uid_keyring, *session_keyring; |
| 49 | char buf[20]; | 48 | char buf[20]; |
| 50 | int ret; | 49 | int ret; |
| 50 | uid_t uid; | ||
| 51 | 51 | ||
| 52 | cred = current_cred(); | 52 | cred = current_cred(); |
| 53 | user = cred->user; | 53 | user = cred->user; |
| 54 | uid = from_kuid(cred->user_ns, user->uid); | ||
| 54 | 55 | ||
| 55 | kenter("%p{%u}", user, user->uid); | 56 | kenter("%p{%u}", user, uid); |
| 56 | 57 | ||
| 57 | if (user->uid_keyring) { | 58 | if (user->uid_keyring) { |
| 58 | kleave(" = 0 [exist]"); | 59 | kleave(" = 0 [exist]"); |
| @@ -67,11 +68,11 @@ int install_user_keyrings(void) | |||
| 67 | * - there may be one in existence already as it may have been | 68 | * - there may be one in existence already as it may have been |
| 68 | * pinned by a session, but the user_struct pointing to it | 69 | * pinned by a session, but the user_struct pointing to it |
| 69 | * may have been destroyed by setuid */ | 70 | * may have been destroyed by setuid */ |
| 70 | sprintf(buf, "_uid.%u", user->uid); | 71 | sprintf(buf, "_uid.%u", uid); |
| 71 | 72 | ||
| 72 | uid_keyring = find_keyring_by_name(buf, true); | 73 | uid_keyring = find_keyring_by_name(buf, true); |
| 73 | if (IS_ERR(uid_keyring)) { | 74 | if (IS_ERR(uid_keyring)) { |
| 74 | uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, | 75 | uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID, |
| 75 | cred, KEY_ALLOC_IN_QUOTA, | 76 | cred, KEY_ALLOC_IN_QUOTA, |
| 76 | NULL); | 77 | NULL); |
| 77 | if (IS_ERR(uid_keyring)) { | 78 | if (IS_ERR(uid_keyring)) { |
| @@ -82,12 +83,12 @@ int install_user_keyrings(void) | |||
| 82 | 83 | ||
| 83 | /* get a default session keyring (which might also exist | 84 | /* get a default session keyring (which might also exist |
| 84 | * already) */ | 85 | * already) */ |
| 85 | sprintf(buf, "_uid_ses.%u", user->uid); | 86 | sprintf(buf, "_uid_ses.%u", uid); |
| 86 | 87 | ||
| 87 | session_keyring = find_keyring_by_name(buf, true); | 88 | session_keyring = find_keyring_by_name(buf, true); |
| 88 | if (IS_ERR(session_keyring)) { | 89 | if (IS_ERR(session_keyring)) { |
| 89 | session_keyring = | 90 | session_keyring = |
| 90 | keyring_alloc(buf, user->uid, (gid_t) -1, | 91 | keyring_alloc(buf, user->uid, INVALID_GID, |
| 91 | cred, KEY_ALLOC_IN_QUOTA, NULL); | 92 | cred, KEY_ALLOC_IN_QUOTA, NULL); |
| 92 | if (IS_ERR(session_keyring)) { | 93 | if (IS_ERR(session_keyring)) { |
| 93 | ret = PTR_ERR(session_keyring); | 94 | ret = PTR_ERR(session_keyring); |