keys: distinguish per-uid keys in different namespaces

per-uid keys were looked by uid only. Use the user namespace to distinguish the same uid in different namespaces. This does not address key_permission. So a task can for instance try to join a keyring owned by the same uid in another namespace. That will be handled by a separate patch. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Serge E. Hallyn <serue@us.ibm.com> 2009-02-26 18:27:38 -0600
committer: James Morris <jmorris@namei.org> 2009-02-27 12:35:06 +1100
commit: 1d1e97562e5e2ac60fb7b25437ba619f95f67fab (patch)
tree: 68a9c52ecbff0782dd9b9438685afc3b40b6f707 /security/keys/keyctl.c
parent: integrity: ima iint radix_tree_lookup locking fix (diff)
download: linux-dev-1d1e97562e5e2ac60fb7b25437ba619f95f67fab.tar.xz
linux-dev-1d1e97562e5e2ac60fb7b25437ba619f95f67fab.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index b1ec3b4ee17d..7f09fb897d2b 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -726,7 +726,7 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
 	/* change the UID */
 	if (uid != (uid_t) -1 && uid != key->uid) {
 		ret = -ENOMEM;
-		newowner = key_user_lookup(uid);
+		newowner = key_user_lookup(uid, current_user_ns());
 		if (!newowner)
 			goto error_put;
author	Serge E. Hallyn <serue@us.ibm.com>	2009-02-26 18:27:38 -0600
committer	James Morris <jmorris@namei.org>	2009-02-27 12:35:06 +1100
commit	1d1e97562e5e2ac60fb7b25437ba619f95f67fab (patch)
tree	68a9c52ecbff0782dd9b9438685afc3b40b6f707 /security/keys/keyctl.c
parent	integrity: ima iint radix_tree_lookup locking fix (diff)
download	linux-dev-1d1e97562e5e2ac60fb7b25437ba619f95f67fab.tar.xz linux-dev-1d1e97562e5e2ac60fb7b25437ba619f95f67fab.zip