keys: don't generate user and user session keyrings unless they're accessed
Don't generate the per-UID user and user session keyrings unless they're explicitly accessed. This solves a problem during a login process whereby set*uid() is called before the SELinux PAM module, resulting in the per-UID keyrings having the wrong security labels. This also cures the problem of multiple per-UID keyrings sometimes appearing due to PAM modules (including pam_keyinit) setuiding and causing user_structs to come into and go out of existence whilst the session keyring pins the user keyring. This is achieved by first searching for extant per-UID keyrings before inventing new ones. The serial bound argument is also dropped from find_keyring_by_name() as it's not currently made use of (setting it to 0 disables the feature). Signed-off-by:David Howells <dhowells@redhat.com> Cc: <kwc@citi.umich.edu> Cc: <arunsr@cse.iitk.ac.in> Cc: <dwalsh@redhat.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <jmorris@namei.org> Cc: Chris Wright <chrisw@sous-sol.org> Signed-off-by:
Showing
- include/linux/key.h 0 additions, 8 deletionsinclude/linux/key.h
- kernel/user.c 4 additions, 11 deletionskernel/user.c
- security/keys/internal.h 1 addition, 3 deletionssecurity/keys/internal.h
- security/keys/key.c 1 addition, 44 deletionssecurity/keys/key.c
- security/keys/keyring.c 7 additions, 12 deletionssecurity/keys/keyring.c
- security/keys/process_keys.c 83 additions, 59 deletionssecurity/keys/process_keys.c
- security/selinux/hooks.c 0 additions, 8 deletionssecurity/selinux/hooks.c
Loading
Please register or sign in to comment