1. 30 4月, 2008 1 次提交
  2. 29 4月, 2008 12 次提交
    • R
      keys: explicitly include required slab.h header file. · fdb89bce
      Robert P. J. Day 提交于
      Since these two source files invoke kmalloc(), they should explicitly
      include <linux/slab.h>.
      Signed-off-by: NRobert P. J. Day <rpjday@crashcourse.ca>
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      fdb89bce
    • D
      keys: make the keyring quotas controllable through /proc/sys · 0b77f5bf
      David Howells 提交于
      Make the keyring quotas controllable through /proc/sys files:
      
       (*) /proc/sys/kernel/keys/root_maxkeys
           /proc/sys/kernel/keys/root_maxbytes
      
           Maximum number of keys that root may have and the maximum total number of
           bytes of data that root may have stored in those keys.
      
       (*) /proc/sys/kernel/keys/maxkeys
           /proc/sys/kernel/keys/maxbytes
      
           Maximum number of keys that each non-root user may have and the maximum
           total number of bytes of data that each of those users may have stored in
           their keys.
      
      Also increase the quotas as a number of people have been complaining that it's
      not big enough.  I'm not sure that it's big enough now either, but on the
      other hand, it can now be set in /etc/sysctl.conf.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Cc: <kwc@citi.umich.edu>
      Cc: <arunsr@cse.iitk.ac.in>
      Cc: <dwalsh@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      0b77f5bf
    • D
      keys: don't generate user and user session keyrings unless they're accessed · 69664cf1
      David Howells 提交于
      Don't generate the per-UID user and user session keyrings unless they're
      explicitly accessed.  This solves a problem during a login process whereby
      set*uid() is called before the SELinux PAM module, resulting in the per-UID
      keyrings having the wrong security labels.
      
      This also cures the problem of multiple per-UID keyrings sometimes appearing
      due to PAM modules (including pam_keyinit) setuiding and causing user_structs
      to come into and go out of existence whilst the session keyring pins the user
      keyring.  This is achieved by first searching for extant per-UID keyrings
      before inventing new ones.
      
      The serial bound argument is also dropped from find_keyring_by_name() as it's
      not currently made use of (setting it to 0 disables the feature).
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Cc: <kwc@citi.umich.edu>
      Cc: <arunsr@cse.iitk.ac.in>
      Cc: <dwalsh@redhat.com>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: James Morris <jmorris@namei.org>
      Cc: Chris Wright <chrisw@sous-sol.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      69664cf1
    • A
      keys: allow clients to set key perms in key_create_or_update() · 6b79ccb5
      Arun Raghavan 提交于
      The key_create_or_update() function provided by the keyring code has a default
      set of permissions that are always applied to the key when created.  This
      might not be desirable to all clients.
      
      Here's a patch that adds a "perm" parameter to the function to address this,
      which can be set to KEY_PERM_UNDEF to revert to the current behaviour.
      Signed-off-by: NArun Raghavan <arunsr@cse.iitk.ac.in>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Cc: Satyam Sharma <ssatyam@cse.iitk.ac.in>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      6b79ccb5
    • A
      keys: switch to proc_create() · da91d2ef
      Alexey Dobriyan 提交于
      Signed-off-by: NAlexey Dobriyan <adobriyan@sw.ru>
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      da91d2ef
    • D
      keys: add keyctl function to get a security label · 70a5bb72
      David Howells 提交于
      Add a keyctl() function to get the security label of a key.
      
      The following is added to Documentation/keys.txt:
      
       (*) Get the LSM security context attached to a key.
      
      	long keyctl(KEYCTL_GET_SECURITY, key_serial_t key, char *buffer,
      		    size_t buflen)
      
           This function returns a string that represents the LSM security context
           attached to a key in the buffer provided.
      
           Unless there's an error, it always returns the amount of data it could
           produce, even if that's too big for the buffer, but it won't copy more
           than requested to userspace. If the buffer pointer is NULL then no copy
           will take place.
      
           A NUL character is included at the end of the string if the buffer is
           sufficiently big.  This is included in the returned count.  If no LSM is
           in force then an empty string will be returned.
      
           A process must have view permission on the key for this function to be
           successful.
      
      [akpm@linux-foundation.org: declare keyctl_get_security()]
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Acked-by: NStephen Smalley <sds@tycho.nsa.gov>
      Cc: Paul Moore <paul.moore@hp.com>
      Cc: Chris Wright <chrisw@sous-sol.org>
      Cc: James Morris <jmorris@namei.org>
      Cc: Kevin Coffman <kwc@citi.umich.edu>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      70a5bb72
    • D
      keys: allow the callout data to be passed as a blob rather than a string · 4a38e122
      David Howells 提交于
      Allow the callout data to be passed as a blob rather than a string for
      internal kernel services that call any request_key_*() interface other than
      request_key().  request_key() itself still takes a NUL-terminated string.
      
      The functions that change are:
      
      	request_key_with_auxdata()
      	request_key_async()
      	request_key_async_with_auxdata()
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Cc: Paul Moore <paul.moore@hp.com>
      Cc: Chris Wright <chrisw@sous-sol.org>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: James Morris <jmorris@namei.org>
      Cc: Kevin Coffman <kwc@citi.umich.edu>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      4a38e122
    • K
      keys: check starting keyring as part of search · dceba994
      Kevin Coffman 提交于
      Check the starting keyring as part of the search to (a) see if that is what
      we're searching for, and (b) to check it is still valid for searching.
      
      The scenario: User in process A does things that cause things to be created in
      its process session keyring.  The user then does an su to another user and
      starts a new process, B.  The two processes now share the same process session
      keyring.
      
      Process B does an NFS access which results in an upcall to gssd.  When gssd
      attempts to instantiate the context key (to be linked into the process session
      keyring), it is denied access even though it has an authorization key.
      
      The order of calls is:
      
         keyctl_instantiate_key()
            lookup_user_key()				    (the default: case)
               search_process_keyrings(current)
      	    search_process_keyrings(rka->context)   (recursive call)
      	       keyring_search_aux()
      
      keyring_search_aux() verifies the keys and keyrings underneath the top-level
      keyring it is given, but that top-level keyring is neither fully validated nor
      checked to see if it is the thing being searched for.
      
      This patch changes keyring_search_aux() to:
      1) do more validation on the top keyring it is given and
      2) check whether that top-level keyring is the thing being searched for
      Signed-off-by: NKevin Coffman <kwc@citi.umich.edu>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Cc: Paul Moore <paul.moore@hp.com>
      Cc: Chris Wright <chrisw@sous-sol.org>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: James Morris <jmorris@namei.org>
      Cc: Kevin Coffman <kwc@citi.umich.edu>
      Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
      Cc: "J. Bruce Fields" <bfields@fieldses.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      dceba994
    • D
      keys: increase the payload size when instantiating a key · 38bbca6b
      David Howells 提交于
      Increase the size of a payload that can be used to instantiate a key in
      add_key() and keyctl_instantiate_key().  This permits huge CIFS SPNEGO blobs
      to be passed around.  The limit is raised to 1MB.  If kmalloc() can't allocate
      a buffer of sufficient size, vmalloc() will be tried instead.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Cc: Paul Moore <paul.moore@hp.com>
      Cc: Chris Wright <chrisw@sous-sol.org>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: James Morris <jmorris@namei.org>
      Cc: Kevin Coffman <kwc@citi.umich.edu>
      Cc: Steven French <sfrench@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      38bbca6b
    • S
      cgroups: introduce cft->read_seq() · 29486df3
      Serge E. Hallyn 提交于
      Introduce a read_seq() helper in cftype, which uses seq_file to print out
      lists.  Use it in the devices cgroup.  Also split devices.allow into two
      files, so now devices.deny and devices.allow are the ones to use to manipulate
      the whitelist, while devices.list outputs the cgroup's current whitelist.
      Signed-off-by: NSerge E. Hallyn <serue@us.ibm.com>
      Acked-by: NPaul Menage <menage@google.com>
      Cc: Balbir Singh <balbir@in.ibm.com>
      Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      29486df3
    • S
      cgroups: implement device whitelist · 08ce5f16
      Serge E. Hallyn 提交于
      Implement a cgroup to track and enforce open and mknod restrictions on device
      files.  A device cgroup associates a device access whitelist with each cgroup.
       A whitelist entry has 4 fields.  'type' is a (all), c (char), or b (block).
      'all' means it applies to all types and all major and minor numbers.  Major
      and minor are either an integer or * for all.  Access is a composition of r
      (read), w (write), and m (mknod).
      
      The root device cgroup starts with rwm to 'all'.  A child devcg gets a copy of
      the parent.  Admins can then remove devices from the whitelist or add new
      entries.  A child cgroup can never receive a device access which is denied its
      parent.  However when a device access is removed from a parent it will not
      also be removed from the child(ren).
      
      An entry is added using devices.allow, and removed using
      devices.deny.  For instance
      
      	echo 'c 1:3 mr' > /cgroups/1/devices.allow
      
      allows cgroup 1 to read and mknod the device usually known as
      /dev/null.  Doing
      
      	echo a > /cgroups/1/devices.deny
      
      will remove the default 'a *:* mrw' entry.
      
      CAP_SYS_ADMIN is needed to change permissions or move another task to a new
      cgroup.  A cgroup may not be granted more permissions than the cgroup's parent
      has.  Any task can move itself between cgroups.  This won't be sufficient, but
      we can decide the best way to adequately restrict movement later.
      
      [akpm@linux-foundation.org: coding-style fixes]
      [akpm@linux-foundation.org: fix may-be-used-uninitialized warning]
      Signed-off-by: NSerge E. Hallyn <serue@us.ibm.com>
      Acked-by: NJames Morris <jmorris@namei.org>
      Looks-good-to: Pavel Emelyanov <xemul@openvz.org>
      Cc: Daniel Hokka Zakrisson <daniel@hozac.com>
      Cc: Li Zefan <lizf@cn.fujitsu.com>
      Cc: Paul Menage <menage@google.com>
      Cc: Balbir Singh <balbir@in.ibm.com>
      Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      08ce5f16
    • D
      xattr: add missing consts to function arguments · 8f0cfa52
      David Howells 提交于
      Add missing consts to xattr function arguments.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Cc: Andreas Gruenbacher <agruen@suse.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      8f0cfa52
  3. 28 4月, 2008 19 次提交
  4. 22 4月, 2008 3 次提交
  5. 21 4月, 2008 5 次提交