diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2015-11-10 08:34:46 -0500 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2015-12-15 10:01:43 -0500 |
commit | d3600bcf9d64d88dc1d189a754dcfab960ce751f (patch) | |
tree | 0db5cee0ddb99cfe1cbd7f8314653f36ddf5005f /security/keys/key.c | |
parent | 80eae209d63ac6361c7b445f7e7e41f39c044772 (diff) |
KEYS: prevent keys from being removed from specified keyrings
Userspace should not be allowed to remove keys from certain keyrings
(eg. blacklist), though the keys themselves can expire.
This patch defines a new key flag named KEY_FLAG_KEEP to prevent
userspace from being able to unlink, revoke, invalidate or timed
out a key on a keyring. When this flag is set on the keyring, all
keys subsequently added are flagged.
In addition, when this flag is set, the keyring itself can not be
cleared.
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security/keys/key.c')
-rw-r--r-- | security/keys/key.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index ab7997ded725..09ef276c4bdc 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -429,8 +429,12 @@ static int __key_instantiate_and_link(struct key *key, awaken = 1; /* and link it into the destination keyring */ - if (keyring) + if (keyring) { + if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) + set_bit(KEY_FLAG_KEEP, &key->flags); + __key_link(key, _edit); + } /* disable the authorisation key */ if (authkey) |