• David Howells's avatar
    KEYS: Don't permit request_key() to construct a new keyring · 911b79cd
    David Howells authored
    If request_key() is used to find a keyring, only do the search part - don't
    do the construction part if the keyring was not found by the search.  We
    don't really want keyrings in the negative instantiated state since the
    rejected/negative instantiation error value in the payload is unioned with
    keyring metadata.
    
    Now the kernel gives an error:
    
    	request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted)
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    911b79cd
Name
Last commit
Last update
..
apparmor Loading commit data...
integrity Loading commit data...
keys Loading commit data...
selinux Loading commit data...
smack Loading commit data...
tomoyo Loading commit data...
yama Loading commit data...
Kconfig Loading commit data...
Makefile Loading commit data...
commoncap.c Loading commit data...
device_cgroup.c Loading commit data...
inode.c Loading commit data...
lsm_audit.c Loading commit data...
min_addr.c Loading commit data...
security.c Loading commit data...