• D
    KEYS: Don't permit request_key() to construct a new keyring · 911b79cd
    David Howells 提交于
    If request_key() is used to find a keyring, only do the search part - don't
    do the construction part if the keyring was not found by the search.  We
    don't really want keyrings in the negative instantiated state since the
    rejected/negative instantiation error value in the payload is unioned with
    keyring metadata.
    
    Now the kernel gives an error:
    
    	request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted)
    Signed-off-by: NDavid Howells <dhowells@redhat.com>
    911b79cd
request_key.c 19.7 KB