linux/security/keys
David Howells 0f44e4d976 keys: Move the user and user-session keyrings to the user_namespace
Move the user and user-session keyrings to the user_namespace struct rather
than pinning them from the user_struct struct.  This prevents these
keyrings from propagating across user-namespaces boundaries with regard to
the KEY_SPEC_* flags, thereby making them more useful in a containerised
environment.

The issue is that a single user_struct may be represent UIDs in several
different namespaces.

The way the patch does this is by attaching a 'register keyring' in each
user_namespace and then sticking the user and user-session keyrings into
that.  It can then be searched to retrieve them.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Jann Horn <jannh@google.com>
2019-06-26 21:02:32 +01:00
..
encrypted-keys crypto: shash - remove shash_desc::flags 2019-04-25 15:38:12 +08:00
big_key.c big key: get rid of stack array allocation 2018-05-11 13:07:45 -07:00
compat_dh.c KEYS: DH: validate __spare field 2017-07-14 11:01:38 +10:00
compat.c keys: Add capability-checking keyctl function 2019-06-19 13:27:45 +01:00
dh.c crypto: shash - remove shash_desc::flags 2019-04-25 15:38:12 +08:00
gc.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
internal.h keys: Move the user and user-session keyrings to the user_namespace 2019-06-26 21:02:32 +01:00
Kconfig keys: Cache result of request_key*() temporarily in task_struct 2019-06-19 16:10:15 +01:00
key.c keys: Cache the hash value to avoid lots of recalculation 2019-06-26 21:02:32 +01:00
keyctl_pkey.c KEYS: fix parsing invalid pkey info string 2019-01-01 13:13:19 -08:00
keyctl.c keys: Namespace keyring names 2019-06-26 21:02:32 +01:00
keyring.c keys: Move the user and user-session keyrings to the user_namespace 2019-06-26 21:02:32 +01:00
Makefile KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2] 2018-10-26 09:30:46 +01:00
permission.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
persistent.c keys: Move the user and user-session keyrings to the user_namespace 2019-06-26 21:02:32 +01:00
proc.c keys: Add a 'recurse' flag for keyring searches 2019-06-26 21:02:32 +01:00
process_keys.c keys: Move the user and user-session keyrings to the user_namespace 2019-06-26 21:02:32 +01:00
request_key_auth.c keys: Add a 'recurse' flag for keyring searches 2019-06-26 21:02:32 +01:00
request_key.c keys: Move the user and user-session keyrings to the user_namespace 2019-06-26 21:02:32 +01:00
sysctl.c security: Convert use of typedef ctl_table to struct ctl_table 2014-04-15 13:39:58 +10:00
trusted.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-05-06 20:15:06 -07:00
user_defined.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00