summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorSerge E. Hallyn <serue@us.ibm.com>2009-02-27 03:27:55 +0300
committerJames Morris <jmorris@namei.org>2009-02-27 04:35:12 +0300
commit2ea190d0a006ce5218baa6e798512652446a605a (patch)
tree1d8612678355c77d8ea9f316ef6ce7d80ee6d613 /security
parent8ff3bc3138a400294ee9e126ac75fc9a9fae4e0b (diff)
downloadlinux-2ea190d0a006ce5218baa6e798512652446a605a.tar.xz
keys: skip keys from another user namespace
When listing keys, do not return keys belonging to the same uid in another user namespace. Otherwise uid 500 in another user namespace will return keyrings called uid.500 for another user namespace. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/keys/keyring.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index ed851574d073..3dba81c2eba3 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -539,6 +539,9 @@ struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
&keyring_name_hash[bucket],
type_data.link
) {
+ if (keyring->user->user_ns != current_user_ns())
+ continue;
+
if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
continue;