summaryrefslogtreecommitdiff
path: root/security/keys
diff options
context:
space:
mode:
Diffstat (limited to 'security/keys')
-rw-r--r--security/keys/key.c2
-rw-r--r--security/keys/permission.c5
-rw-r--r--security/keys/process_keys.c2
3 files changed, 5 insertions, 4 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index c9bf66ac36e0..50d96d4e06f2 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -253,7 +253,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
quotalen = desclen + type->def_datalen;
/* get hold of the key tracking for this user */
- user = key_user_lookup(uid, cred->user->user_ns);
+ user = key_user_lookup(uid, cred->user_ns);
if (!user)
goto no_memory_1;
diff --git a/security/keys/permission.c b/security/keys/permission.c
index 57d96363d7f1..0b4d019e027d 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -36,7 +36,7 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
key = key_ref_to_ptr(key_ref);
- if (key->user->user_ns != cred->user->user_ns)
+ if (key->user->user_ns != cred->user_ns)
goto use_other_perms;
/* use the second 8-bits of permissions for keys the caller owns */
@@ -53,7 +53,8 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
goto use_these_perms;
}
- ret = groups_search(cred->group_info, key->gid);
+ ret = groups_search(cred->group_info,
+ make_kgid(current_user_ns(), key->gid));
if (ret) {
kperm = key->perm >> 8;
goto use_these_perms;
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index e137fcd7042c..d71056db7b67 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -860,7 +860,7 @@ void key_replace_session_keyring(void)
new-> sgid = old-> sgid;
new->fsgid = old->fsgid;
new->user = get_uid(old->user);
- new->user_ns = new->user->user_ns;
+ new->user_ns = get_user_ns(new->user_ns);
new->group_info = get_group_info(old->group_info);
new->securebits = old->securebits;