mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-11 13:04:03 +08:00
0f44e4d976
Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment. The issue is that a single user_struct may be represent UIDs in several different namespaces. The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com> |
||
---|---|---|
.. | ||
encrypted-keys | ||
big_key.c | ||
compat_dh.c | ||
compat.c | ||
dh.c | ||
gc.c | ||
internal.h | ||
Kconfig | ||
key.c | ||
keyctl_pkey.c | ||
keyctl.c | ||
keyring.c | ||
Makefile | ||
permission.c | ||
persistent.c | ||
proc.c | ||
process_keys.c | ||
request_key_auth.c | ||
request_key.c | ||
sysctl.c | ||
trusted.c | ||
user_defined.c |