forked from Minki/linux
KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y
Now that /proc/keys is used by libkeyutils to look up a key by type and description, we should make it unconditional and remove CONFIG_DEBUG_PROC_KEYS. Reported-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Jiri Kosina <jkosina@suse.cz>
This commit is contained in:
parent
961be7ef69
commit
dabd39cc2f
@ -323,8 +323,6 @@ about the status of the key service:
|
||||
U Under construction by callback to userspace
|
||||
N Negative key
|
||||
|
||||
This file must be enabled at kernel configuration time as it allows anyone
|
||||
to list the keys database.
|
||||
|
||||
(*) /proc/key-users
|
||||
|
||||
|
@ -80,21 +80,3 @@ config ENCRYPTED_KEYS
|
||||
Userspace only ever sees/stores encrypted blobs.
|
||||
|
||||
If you are unsure as to whether this is required, answer N.
|
||||
|
||||
config KEYS_DEBUG_PROC_KEYS
|
||||
bool "Enable the /proc/keys file by which keys may be viewed"
|
||||
depends on KEYS
|
||||
help
|
||||
This option turns on support for the /proc/keys file - through which
|
||||
can be listed all the keys on the system that are viewable by the
|
||||
reading process.
|
||||
|
||||
The only keys included in the list are those that grant View
|
||||
permission to the reading process whether or not it possesses them.
|
||||
Note that LSM security checks are still performed, and may further
|
||||
filter out keys that the current process is not authorised to view.
|
||||
|
||||
Only key attributes are listed here; key payloads are not included in
|
||||
the resulting table.
|
||||
|
||||
If you are unsure as to whether this is required, answer N.
|
||||
|
@ -18,7 +18,6 @@
|
||||
#include <asm/errno.h>
|
||||
#include "internal.h"
|
||||
|
||||
#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
|
||||
static int proc_keys_open(struct inode *inode, struct file *file);
|
||||
static void *proc_keys_start(struct seq_file *p, loff_t *_pos);
|
||||
static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos);
|
||||
@ -38,7 +37,6 @@ static const struct file_operations proc_keys_fops = {
|
||||
.llseek = seq_lseek,
|
||||
.release = seq_release,
|
||||
};
|
||||
#endif
|
||||
|
||||
static int proc_key_users_open(struct inode *inode, struct file *file);
|
||||
static void *proc_key_users_start(struct seq_file *p, loff_t *_pos);
|
||||
@ -67,11 +65,9 @@ static int __init key_proc_init(void)
|
||||
{
|
||||
struct proc_dir_entry *p;
|
||||
|
||||
#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
|
||||
p = proc_create("keys", 0, NULL, &proc_keys_fops);
|
||||
if (!p)
|
||||
panic("Cannot create /proc/keys\n");
|
||||
#endif
|
||||
|
||||
p = proc_create("key-users", 0, NULL, &proc_key_users_fops);
|
||||
if (!p)
|
||||
@ -86,8 +82,6 @@ __initcall(key_proc_init);
|
||||
* Implement "/proc/keys" to provide a list of the keys on the system that
|
||||
* grant View permission to the caller.
|
||||
*/
|
||||
#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
|
||||
|
||||
static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n)
|
||||
{
|
||||
struct user_namespace *user_ns = seq_user_ns(p);
|
||||
@ -275,8 +269,6 @@ static int proc_keys_show(struct seq_file *m, void *v)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */
|
||||
|
||||
static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n)
|
||||
{
|
||||
while (n) {
|
||||
|
Loading…
Reference in New Issue
Block a user