| Message ID | 155024699041.21651.17284583580026798362.stgit@warthog.procyon.org.uk (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show
Return-Path: <linux-nfs-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
[172.30.200.125])
by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EB5C317D5
for <patchwork-linux-nfs@patchwork.kernel.org>;
Fri, 15 Feb 2019 16:10:08 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DB42D2FA71
for <patchwork-linux-nfs@patchwork.kernel.org>;
Fri, 15 Feb 2019 16:10:08 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
id CFAEE2FA80; Fri, 15 Feb 2019 16:10:08 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
pdx-wl-mail.web.codeaurora.org
X-Spam-Level:
X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AB65B2FA7F
for <patchwork-linux-nfs@patchwork.kernel.org>;
Fri, 15 Feb 2019 16:10:07 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1729742AbfBOQKA (ORCPT
<rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
Fri, 15 Feb 2019 11:10:00 -0500
Received: from mx1.redhat.com ([209.132.183.28]:15175 "EHLO mx1.redhat.com"
rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
id S1726335AbfBOQKA (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
Fri, 15 Feb 2019 11:10:00 -0500
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
[10.5.11.14])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id C5CD531A10D;
Fri, 15 Feb 2019 16:09:59 +0000 (UTC)
Received: from warthog.procyon.org.uk (ovpn-121-129.rdu2.redhat.com
[10.10.121.129])
by smtp.corp.redhat.com (Postfix) with ESMTP id 33A415DD6B;
Fri, 15 Feb 2019 16:09:51 +0000 (UTC)
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley
Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United
Kingdom.
Registered in England and Wales under Company Registration No. 3798903
Subject: [RFC PATCH 16/27] keys: Grant Link permission to possessers of
request_key auth keys
From: David Howells <dhowells@redhat.com>
To: keyrings@vger.kernel.org, trond.myklebust@hammerspace.com,
sfrench@samba.org
Cc: linux-security-module@vger.kernel.org, linux-nfs@vger.kernel.org,
linux-cifs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
rgb@redhat.com, dhowells@redhat.com, linux-kernel@vger.kernel.org
Date: Fri, 15 Feb 2019 16:09:50 +0000
Message-ID:
<155024699041.21651.17284583580026798362.stgit@warthog.procyon.org.uk>
In-Reply-To:
<155024683432.21651.14153938339749694146.stgit@warthog.procyon.org.uk>
References:
<155024683432.21651.14153938339749694146.stgit@warthog.procyon.org.uk>
User-Agent: StGit/unknown-version
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-Greylist: Sender IP whitelisted,
not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]);
Fri, 15 Feb 2019 16:09:59 +0000 (UTC)
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP
|
| Series |
Containers and using authenticated filesystems
|
expand
|
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index cd75173cadad..726555a0639c 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c @@ -208,7 +208,7 @@ struct key *request_key_auth_new(struct key *target, const char *op, authkey = key_alloc(&key_type_request_key_auth, desc, cred->fsuid, cred->fsgid, cred, - KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | + KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | KEY_POS_LINK | KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA, NULL); if (IS_ERR(authkey)) { ret = PTR_ERR(authkey);
Grant Link permission to the possessers of request_key authentication keys, thereby allowing a daemon that is servicing upcalls to arrange things such that only the necessary auth key is passed to the actual service program and not all the daemon's pending auth keys. Signed-off-by: David Howells <dhowells@redhat.com> --- security/keys/request_key_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)