leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0f44e4d976
linux/security
History
David Howells 0f44e4d976 keys: Move the user and user-session keyrings to the user_namespace 
Move the user and user-session keyrings to the user_namespace struct rather
than pinning them from the user_struct struct.  This prevents these
keyrings from propagating across user-namespaces boundaries with regard to
the KEY_SPEC_* flags, thereby making them more useful in a containerised
environment.

The issue is that a single user_struct may be represent UIDs in several
different namespaces.

The way the patch does this is by attaching a 'register keyring' in each
user_namespace and then sticking the user and user-session keyrings into
that.  It can then be searched to retrieve them.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Jann Horn <jannh@google.com>
2019-06-26 21:02:32 +01:00
..
apparmor Merge branch 'work.icache' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-05-07 10:57:05 -07:00
integrity keys: Add a 'recurse' flag for keyring searches 2019-06-26 21:02:32 +01:00
keys keys: Move the user and user-session keyrings to the user_namespace 2019-06-26 21:02:32 +01:00
loadpin LoadPin: Initialize as ordered LSM 2019-01-08 13:18:43 -08:00
safesetid LSM: fix return value check in safesetid_init_securityfs() 2019-02-12 10:59:22 -08:00
selinux Revert "selinux: do not report error on connect(AF_UNSPEC)" 2019-05-10 09:34:31 -07:00
smack Smack: Fix kbuild reported build error 2019-04-30 14:13:32 -07:00
tomoyo tomoyo: Don't emit WARNING: string while fuzzing testing. 2019-05-10 14:58:35 -07:00
yama Yama: mark function as static 2019-04-10 10:36:45 -07:00
commoncap.c audit/stable-5.1 PR 20190305 2019-03-07 12:20:11 -08:00
device_cgroup.c device_cgroup: fix RCU imbalance in error case 2019-03-19 10:46:15 -07:00
inode.c securityfs: switch to ->free_inode() 2019-05-01 22:43:26 -04:00
Kconfig compiler-based memory initialization 2019-05-07 12:44:49 -07:00
Kconfig.hardening security: Implement Clang's stack initialization 2019-04-24 14:00:56 -07:00
lsm_audit.c missing barriers in some of unix_sock ->addr and ->path accesses 2019-02-20 20:06:28 -08:00
Makefile LSM: add SafeSetID module that gates setid calls 2019-01-25 11:22:45 -08:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c Merge branch 'work.mount-syscalls' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-05-07 20:17:51 -07:00