path: root/security/keys/Makefile
diff options
authorDavid Howells <>2008-04-29 01:01:31 -0700
committerLinus Torvalds <>2008-04-29 08:06:17 -0700
commit69664cf16af4f31cd54d77948a4baf9c7e0ca7b9 (patch)
tree3ff4ecae21c140a2beed25cfa9e55b788f9814ac /security/keys/Makefile
parent6b79ccb5144f9ffb4d4596c23e7570238dd12abc (diff)
keys: don't generate user and user session keyrings unless they're accessed
Don't generate the per-UID user and user session keyrings unless they're explicitly accessed. This solves a problem during a login process whereby set*uid() is called before the SELinux PAM module, resulting in the per-UID keyrings having the wrong security labels. This also cures the problem of multiple per-UID keyrings sometimes appearing due to PAM modules (including pam_keyinit) setuiding and causing user_structs to come into and go out of existence whilst the session keyring pins the user keyring. This is achieved by first searching for extant per-UID keyrings before inventing new ones. The serial bound argument is also dropped from find_keyring_by_name() as it's not currently made use of (setting it to 0 disables the feature). Signed-off-by: David Howells <> Cc: <> Cc: <> Cc: <> Cc: Stephen Smalley <> Cc: James Morris <> Cc: Chris Wright <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <>
Diffstat (limited to 'security/keys/Makefile')
0 files changed, 0 insertions, 0 deletions