diff options
| author |   Eric W. Biederman <ebiederm@xmission.com> | 2012-02-08 07:53:04 -0800 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-09-13 18:28:02 -0700 |
| commit | 9a56c2db49e7349c7963f0ce66c1ef578d44ebd3 (patch) | |
| tree | de29b56483bb00efabca3ba35c7001cab2aab7be /security/keys/request_key.c | |
| parent | userns: Convert drm to use kuid and kgid and struct pid where appropriate (diff) | |
| download | linux-dev-9a56c2db49e7349c7963f0ce66c1ef578d44ebd3.tar.xz linux-dev-9a56c2db49e7349c7963f0ce66c1ef578d44ebd3.zip | |
userns: Convert security/keys to the new userns infrastructure
- Replace key_user ->user_ns equality checks with kuid_has_mapping checks.
- Use from_kuid to generate key descriptions
- Use kuid_t and kgid_t and the associated helpers instead of uid_t and gid_t
- Avoid potential problems with file descriptor passing by displaying
keys in the user namespace of the opener of key status proc files.
Cc: linux-security-module@vger.kernel.org
Cc: keyrings@linux-nfs.org
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to '')
| -rw-r--r-- | security/keys/request_key.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 000e75017520..66e21184b559 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -139,8 +139,8 @@ static int call_sbin_request_key(struct key_construction *cons, goto error_link; /* record the UID and GID */ - sprintf(uid_str, "%d", cred->fsuid); - sprintf(gid_str, "%d", cred->fsgid); + sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid)); + sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid)); /* we say which key is under construction */ sprintf(key_str, "%d", key->serial); @@ -442,7 +442,7 @@ static struct key *construct_key_and_link(struct key_type *type, kenter(""); - user = key_user_lookup(current_fsuid(), current_user_ns()); + user = key_user_lookup(current_fsuid()); if (!user) return ERR_PTR(-ENOMEM); |