Commit 454804ab0302b354e35d992d08e53fe03313baaf
Committed by
James Morris
1 parent
2ea190d0a0
keys: make procfiles per-user-namespace
Restrict the /proc/keys and /proc/key-users output to keys belonging to the same user namespace as the reading task. We may want to make this more complicated - so that any keys in a user-namespace which belongs to the reading task are also shown. But let's see if anyone wants that first. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Showing 1 changed file with 49 additions and 6 deletions Side-by-side Diff
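--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -91,6 +91,28 @@
  */
 #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
 
+static struct rb_node *__key_serial_next(struct rb_node *n)
+{
+	while (n) {
+		struct key *key = rb_entry(n, struct key, serial_node);
+		if (key->user->user_ns == current_user_ns())
+			break;
+		n = rb_next(n);
+	}
+	return n;
+}
+
+static struct rb_node *key_serial_next(struct rb_node *n)
+{
+	return __key_serial_next(rb_next(n));
+}
+
+static struct rb_node *key_serial_first(struct rb_root *r)
+{
+	struct rb_node *n = rb_first(r);
+	return __key_serial_next(n);
+}
+
 static int proc_keys_open(struct inode *inode, struct file *file)
 {
 	return seq_open(file, &proc_keys_ops);
 
@@ -104,10 +126,10 @@
 
 	spin_lock(&key_serial_lock);
 
-	_p = rb_first(&key_serial_tree);
+	_p = key_serial_first(&key_serial_tree);
 	while (pos > 0 && _p) {
 		pos--;
-		_p = rb_next(_p);
+		_p = key_serial_next(_p);
 	}
 
 	return _p;
@@ -117,7 +139,7 @@
 static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos)
 {
 	(*_pos)++;
-	return rb_next((struct rb_node *) v);
+	return key_serial_next((struct rb_node *) v);
 
 }
 
@@ -203,6 +225,27 @@
 
 #endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */
 
+static struct rb_node *__key_user_next(struct rb_node *n)
+{
+	while (n) {
+		struct key_user *user = rb_entry(n, struct key_user, node);
+		if (user->user_ns == current_user_ns())
+			break;
+		n = rb_next(n);
+	}
+	return n;
+}
+
+static struct rb_node *key_user_next(struct rb_node *n)
+{
+	return __key_user_next(rb_next(n));
+}
+
+static struct rb_node *key_user_first(struct rb_root *r)
+{
+	struct rb_node *n = rb_first(r);
+	return __key_user_next(n);
+}
 /*****************************************************************************/
 /*
  * implement "/proc/key-users" to provides a list of the key users
 
@@ -220,10 +263,10 @@
 
 	spin_lock(&key_user_lock);
 
-	_p = rb_first(&key_user_tree);
+	_p = key_user_first(&key_user_tree);
 	while (pos > 0 && _p) {
 		pos--;
-		_p = rb_next(_p);
+		_p = key_user_next(_p);
 	}
 
 	return _p;
@@ -233,7 +276,7 @@
 static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos)
 {
 	(*_pos)++;
-	return rb_next((struct rb_node *) v);
+	return key_user_next((struct rb_node *) v);
 
 }
 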
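Review bot: The namespace filter in `__key_serial_next` (and in `__key_user_next`, which mirrors it) re-evaluates `current_user_ns()` on every node while the caller holds the tree spinlock, and neither helper says what it guarantees. Hoisting the lookup out of the loop keeps the comparison cheap on large trees: `struct user_namespace *ns = current_user_ns();` before the loop and `if (key->user->user_ns == ns)` (respectively `if (user->user_ns == ns)`) inside it. I would also put a comment above each helper such as `/* Advance to the next node (or NULL) whose owning user is in the reader's user namespace; the caller holds the tree lock. */`, since these two loops are now the only place the per-namespace visibility rule for /proc/keys and /proc/key-users lives. Note that the rule is keyed to whoever performs the read() rather than the task that opened the file — presumably intended, but worth stating in that comment so any later move to a credential-based check is deliberate.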