Merge remote-tracking branch 'integrity/next-with-keys' into keys-next

Signed-off-by: David Howells <dhowells@redhat.com>
author: David Howells <dhowells@redhat.com> 2014-07-22 21:54:43 +0100
committer: David Howells <dhowells@redhat.com> 2014-07-22 21:54:43 +0100
commit: 64724cfc6eea920dbaada14f0fb978b1dd31192d (patch)
tree: d2f491be07a05e2d96b5c8b8e5a0a878f285eb22 /security/keys/keyctl.c
parent: Merge tag 'keys-pefile-20140709' into keys-next (diff)
parent: ima: define '.ima' as a builtin 'trusted' keyring (diff)
download: linux-dev-64724cfc6eea920dbaada14f0fb978b1dd31192d.tar.xz
linux-dev-64724cfc6eea920dbaada14f0fb978b1dd31192d.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index cd5bd0cef25d..8a8c23357291 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -37,8 +37,6 @@ static int key_get_type_from_user(char *type,
 		return ret;
 	if (ret == 0 || ret >= len)
 		return -EINVAL;
-	if (type[0] == '.')
-		return -EPERM;
 	type[len - 1] = '\0';
 	return 0;
 }
@@ -86,6 +84,10 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type,
 		if (!*description) {
 			kfree(description);
 			description = NULL;
+		} else if ((description[0] == '.') &&
+			   (strncmp(type, "keyring", 7) == 0)) {
+			ret = -EPERM;
+			goto error2;
 		}
 	}
author	David Howells <dhowells@redhat.com>	2014-07-22 21:54:43 +0100
committer	David Howells <dhowells@redhat.com>	2014-07-22 21:54:43 +0100
commit	64724cfc6eea920dbaada14f0fb978b1dd31192d (patch)
tree	d2f491be07a05e2d96b5c8b8e5a0a878f285eb22 /security/keys/keyctl.c
parent	Merge tag 'keys-pefile-20140709' into keys-next (diff)
parent	ima: define '.ima' as a builtin 'trusted' keyring (diff)
download	linux-dev-64724cfc6eea920dbaada14f0fb978b1dd31192d.tar.xz linux-dev-64724cfc6eea920dbaada14f0fb978b1dd31192d.zip