diff options
| author | David Howells <[email protected]> | 2008-04-29 01:01:31 -0700 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2008-04-29 08:06:17 -0700 |
| commit | 69664cf16af4f31cd54d77948a4baf9c7e0ca7b9 (patch) | |
| tree | 3ff4ecae21c140a2beed25cfa9e55b788f9814ac /tools/perf/scripts/python | |
| parent | 6b79ccb5144f9ffb4d4596c23e7570238dd12abc (diff) | |
keys: don't generate user and user session keyrings unless they're accessed
Don't generate the per-UID user and user session keyrings unless they're
explicitly accessed. This solves a problem during a login process whereby
set*uid() is called before the SELinux PAM module, resulting in the per-UID
keyrings having the wrong security labels.
This also cures the problem of multiple per-UID keyrings sometimes appearing
due to PAM modules (including pam_keyinit) setuiding and causing user_structs
to come into and go out of existence whilst the session keyring pins the user
keyring. This is achieved by first searching for extant per-UID keyrings
before inventing new ones.
The serial bound argument is also dropped from find_keyring_by_name() as it's
not currently made use of (setting it to 0 disables the feature).
Signed-off-by: David Howells <[email protected]>
Cc: <[email protected]>
Cc: <[email protected]>
Cc: <[email protected]>
Cc: Stephen Smalley <[email protected]>
Cc: James Morris <[email protected]>
Cc: Chris Wright <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python')
0 files changed, 0 insertions, 0 deletions