Loading Documentation/keys-request-key.txt +5 −4 Original line number Diff line number Diff line Loading @@ -127,14 +127,15 @@ This is because process A's keyrings can't simply be attached to of them, and (b) it requires the same UID/GID/Groups all the way through. ====================== NEGATIVE INSTANTIATION ====================== ==================================== NEGATIVE INSTANTIATION AND REJECTION ==================================== Rather than instantiating a key, it is possible for the possessor of an authorisation key to negatively instantiate a key that's under construction. This is a short duration placeholder that causes any attempt at re-requesting the key whilst it exists to fail with error ENOKEY. the key whilst it exists to fail with error ENOKEY if negated or the specified error if rejected. This is provided to prevent excessive repeated spawning of /sbin/request-key processes for a key that will never be obtainable. Loading Documentation/keys.txt +24 −4 Original line number Diff line number Diff line Loading @@ -637,6 +637,9 @@ The keyctl syscall functions are: long keyctl(KEYCTL_INSTANTIATE, key_serial_t key, const void *payload, size_t plen, key_serial_t keyring); long keyctl(KEYCTL_INSTANTIATE_IOV, key_serial_t key, const struct iovec *payload_iov, unsigned ioc, key_serial_t keyring); If the kernel calls back to userspace to complete the instantiation of a key, userspace should use this call to supply data for the key before the Loading @@ -652,11 +655,16 @@ The keyctl syscall functions are: The payload and plen arguments describe the payload data as for add_key(). The payload_iov and ioc arguments describe the payload data in an iovec array instead of a single buffer. (*) Negatively instantiate a partially constructed key. long keyctl(KEYCTL_NEGATE, key_serial_t key, unsigned timeout, key_serial_t keyring); long keyctl(KEYCTL_REJECT, key_serial_t key, unsigned timeout, unsigned error, key_serial_t keyring); If the kernel calls back to userspace to complete the instantiation of a key, userspace should use this call mark the key as negative before the Loading @@ -669,6 +677,10 @@ The keyctl syscall functions are: that keyring, however all the constraints applying in KEYCTL_LINK apply in this case too. If the key is rejected, future searches for it will return the specified error code until the rejected key expires. Negating the key is the same as rejecting the key with ENOKEY as the error code. (*) Set the default request-key destination keyring. Loading Loading @@ -1062,6 +1074,13 @@ The structure has a number of fields, some of which are mandatory: viable. (*) int (*vet_description)(const char *description); This optional method is called to vet a key description. If the key type doesn't approve of the key description, it may return an error, otherwise it should return 0. (*) int (*instantiate)(struct key *key, const void *data, size_t datalen); This method is called to attach a payload to a key during construction. Loading Loading @@ -1231,10 +1250,11 @@ hand the request off to (perhaps a path held in placed in another key by, for example, the KDE desktop manager). The program (or whatever it calls) should finish construction of the key by calling KEYCTL_INSTANTIATE, which also permits it to cache the key in one of the keyrings (probably the session ring) before returning. Alternatively, the key can be marked as negative with KEYCTL_NEGATE; this also permits the key to be cached in one of the keyrings. calling KEYCTL_INSTANTIATE or KEYCTL_INSTANTIATE_IOV, which also permits it to cache the key in one of the keyrings (probably the session ring) before returning. Alternatively, the key can be marked as negative with KEYCTL_NEGATE or KEYCTL_REJECT; this also permits the key to be cached in one of the keyrings. If it returns with the key remaining in the unconstructed state, the key will be marked as being negative, it will be added to the session keyring, and an Loading arch/x86/Kconfig +5 −0 Original line number Diff line number Diff line Loading @@ -2138,6 +2138,11 @@ config SYSVIPC_COMPAT def_bool y depends on COMPAT && SYSVIPC config KEYS_COMPAT bool depends on COMPAT && KEYS default y endmenu Loading fs/btrfs/inode.c +7 −6 Original line number Diff line number Diff line Loading @@ -90,13 +90,14 @@ static noinline int cow_file_range(struct inode *inode, unsigned long *nr_written, int unlock); static int btrfs_init_inode_security(struct btrfs_trans_handle *trans, struct inode *inode, struct inode *dir) struct inode *inode, struct inode *dir, const struct qstr *qstr) { int err; err = btrfs_init_acl(trans, inode, dir); if (!err) err = btrfs_xattr_security_init(trans, inode, dir); err = btrfs_xattr_security_init(trans, inode, dir, qstr); return err; } Loading Loading @@ -4704,7 +4705,7 @@ static int btrfs_mknod(struct inode *dir, struct dentry *dentry, if (IS_ERR(inode)) goto out_unlock; err = btrfs_init_inode_security(trans, inode, dir); err = btrfs_init_inode_security(trans, inode, dir, &dentry->d_name); if (err) { drop_inode = 1; goto out_unlock; Loading Loading @@ -4765,7 +4766,7 @@ static int btrfs_create(struct inode *dir, struct dentry *dentry, if (IS_ERR(inode)) goto out_unlock; err = btrfs_init_inode_security(trans, inode, dir); err = btrfs_init_inode_security(trans, inode, dir, &dentry->d_name); if (err) { drop_inode = 1; goto out_unlock; Loading Loading @@ -4894,7 +4895,7 @@ static int btrfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) drop_on_err = 1; err = btrfs_init_inode_security(trans, inode, dir); err = btrfs_init_inode_security(trans, inode, dir, &dentry->d_name); if (err) goto out_fail; Loading Loading @@ -7106,7 +7107,7 @@ static int btrfs_symlink(struct inode *dir, struct dentry *dentry, if (IS_ERR(inode)) goto out_unlock; err = btrfs_init_inode_security(trans, inode, dir); err = btrfs_init_inode_security(trans, inode, dir, &dentry->d_name); if (err) { drop_inode = 1; goto out_unlock; Loading fs/btrfs/xattr.c +4 −2 Original line number Diff line number Diff line Loading @@ -370,7 +370,8 @@ int btrfs_removexattr(struct dentry *dentry, const char *name) } int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, struct inode *inode, struct inode *dir) struct inode *inode, struct inode *dir, const struct qstr *qstr) { int err; size_t len; Loading @@ -378,7 +379,8 @@ int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, char *suffix; char *name; err = security_inode_init_security(inode, dir, &suffix, &value, &len); err = security_inode_init_security(inode, dir, qstr, &suffix, &value, &len); if (err) { if (err == -EOPNOTSUPP) return 0; Loading Loading
Documentation/keys-request-key.txt +5 −4 Original line number Diff line number Diff line Loading @@ -127,14 +127,15 @@ This is because process A's keyrings can't simply be attached to of them, and (b) it requires the same UID/GID/Groups all the way through. ====================== NEGATIVE INSTANTIATION ====================== ==================================== NEGATIVE INSTANTIATION AND REJECTION ==================================== Rather than instantiating a key, it is possible for the possessor of an authorisation key to negatively instantiate a key that's under construction. This is a short duration placeholder that causes any attempt at re-requesting the key whilst it exists to fail with error ENOKEY. the key whilst it exists to fail with error ENOKEY if negated or the specified error if rejected. This is provided to prevent excessive repeated spawning of /sbin/request-key processes for a key that will never be obtainable. Loading
Documentation/keys.txt +24 −4 Original line number Diff line number Diff line Loading @@ -637,6 +637,9 @@ The keyctl syscall functions are: long keyctl(KEYCTL_INSTANTIATE, key_serial_t key, const void *payload, size_t plen, key_serial_t keyring); long keyctl(KEYCTL_INSTANTIATE_IOV, key_serial_t key, const struct iovec *payload_iov, unsigned ioc, key_serial_t keyring); If the kernel calls back to userspace to complete the instantiation of a key, userspace should use this call to supply data for the key before the Loading @@ -652,11 +655,16 @@ The keyctl syscall functions are: The payload and plen arguments describe the payload data as for add_key(). The payload_iov and ioc arguments describe the payload data in an iovec array instead of a single buffer. (*) Negatively instantiate a partially constructed key. long keyctl(KEYCTL_NEGATE, key_serial_t key, unsigned timeout, key_serial_t keyring); long keyctl(KEYCTL_REJECT, key_serial_t key, unsigned timeout, unsigned error, key_serial_t keyring); If the kernel calls back to userspace to complete the instantiation of a key, userspace should use this call mark the key as negative before the Loading @@ -669,6 +677,10 @@ The keyctl syscall functions are: that keyring, however all the constraints applying in KEYCTL_LINK apply in this case too. If the key is rejected, future searches for it will return the specified error code until the rejected key expires. Negating the key is the same as rejecting the key with ENOKEY as the error code. (*) Set the default request-key destination keyring. Loading Loading @@ -1062,6 +1074,13 @@ The structure has a number of fields, some of which are mandatory: viable. (*) int (*vet_description)(const char *description); This optional method is called to vet a key description. If the key type doesn't approve of the key description, it may return an error, otherwise it should return 0. (*) int (*instantiate)(struct key *key, const void *data, size_t datalen); This method is called to attach a payload to a key during construction. Loading Loading @@ -1231,10 +1250,11 @@ hand the request off to (perhaps a path held in placed in another key by, for example, the KDE desktop manager). The program (or whatever it calls) should finish construction of the key by calling KEYCTL_INSTANTIATE, which also permits it to cache the key in one of the keyrings (probably the session ring) before returning. Alternatively, the key can be marked as negative with KEYCTL_NEGATE; this also permits the key to be cached in one of the keyrings. calling KEYCTL_INSTANTIATE or KEYCTL_INSTANTIATE_IOV, which also permits it to cache the key in one of the keyrings (probably the session ring) before returning. Alternatively, the key can be marked as negative with KEYCTL_NEGATE or KEYCTL_REJECT; this also permits the key to be cached in one of the keyrings. If it returns with the key remaining in the unconstructed state, the key will be marked as being negative, it will be added to the session keyring, and an Loading
arch/x86/Kconfig +5 −0 Original line number Diff line number Diff line Loading @@ -2138,6 +2138,11 @@ config SYSVIPC_COMPAT def_bool y depends on COMPAT && SYSVIPC config KEYS_COMPAT bool depends on COMPAT && KEYS default y endmenu Loading
fs/btrfs/inode.c +7 −6 Original line number Diff line number Diff line Loading @@ -90,13 +90,14 @@ static noinline int cow_file_range(struct inode *inode, unsigned long *nr_written, int unlock); static int btrfs_init_inode_security(struct btrfs_trans_handle *trans, struct inode *inode, struct inode *dir) struct inode *inode, struct inode *dir, const struct qstr *qstr) { int err; err = btrfs_init_acl(trans, inode, dir); if (!err) err = btrfs_xattr_security_init(trans, inode, dir); err = btrfs_xattr_security_init(trans, inode, dir, qstr); return err; } Loading Loading @@ -4704,7 +4705,7 @@ static int btrfs_mknod(struct inode *dir, struct dentry *dentry, if (IS_ERR(inode)) goto out_unlock; err = btrfs_init_inode_security(trans, inode, dir); err = btrfs_init_inode_security(trans, inode, dir, &dentry->d_name); if (err) { drop_inode = 1; goto out_unlock; Loading Loading @@ -4765,7 +4766,7 @@ static int btrfs_create(struct inode *dir, struct dentry *dentry, if (IS_ERR(inode)) goto out_unlock; err = btrfs_init_inode_security(trans, inode, dir); err = btrfs_init_inode_security(trans, inode, dir, &dentry->d_name); if (err) { drop_inode = 1; goto out_unlock; Loading Loading @@ -4894,7 +4895,7 @@ static int btrfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) drop_on_err = 1; err = btrfs_init_inode_security(trans, inode, dir); err = btrfs_init_inode_security(trans, inode, dir, &dentry->d_name); if (err) goto out_fail; Loading Loading @@ -7106,7 +7107,7 @@ static int btrfs_symlink(struct inode *dir, struct dentry *dentry, if (IS_ERR(inode)) goto out_unlock; err = btrfs_init_inode_security(trans, inode, dir); err = btrfs_init_inode_security(trans, inode, dir, &dentry->d_name); if (err) { drop_inode = 1; goto out_unlock; Loading
fs/btrfs/xattr.c +4 −2 Original line number Diff line number Diff line Loading @@ -370,7 +370,8 @@ int btrfs_removexattr(struct dentry *dentry, const char *name) } int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, struct inode *inode, struct inode *dir) struct inode *inode, struct inode *dir, const struct qstr *qstr) { int err; size_t len; Loading @@ -378,7 +379,8 @@ int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, char *suffix; char *name; err = security_inode_init_security(inode, dir, &suffix, &value, &len); err = security_inode_init_security(inode, dir, qstr, &suffix, &value, &len); if (err) { if (err == -EOPNOTSUPP) return 0; Loading
