summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2019-05-20 23:51:43 +0300
committerDavid Howells <dhowells@redhat.com>2019-05-31 00:54:43 +0300
commitf7f1394576563b7096fe858fb178bcaedfa0b245 (patch)
treeac5b9efbe2d73ccbfb2257aef6ffb28decdd1fd4 /security
parented0ac5c7ec3763e3261c48e3c5d4b7528b60fd85 (diff)
downloadlinux-f7f1394576563b7096fe858fb178bcaedfa0b245.tar.xz
keys: Grant Link permission to possessers of request_key auth keys
Grant Link permission to the possessers of request_key authentication keys, thereby allowing a daemon that is servicing upcalls to arrange things such that only the necessary auth key is passed to the actual service program and not all the daemon's pending auth keys. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Diffstat (limited to 'security')
-rw-r--r--security/keys/request_key_auth.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 572c7a60473a..ec5226557023 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -204,7 +204,7 @@ struct key *request_key_auth_new(struct key *target, const char *op,
authkey = key_alloc(&key_type_request_key_auth, desc,
cred->fsuid, cred->fsgid, cred,
- KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
+ KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | KEY_POS_LINK |
KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA, NULL);
if (IS_ERR(authkey)) {
ret = PTR_ERR(authkey);