keys: distinguish per-uid keys in different namespaces per-uid keys were looked by uid only. Use the user namespace to distinguish the same uid in different namespaces. This does not address key_permission. So a task can for instance try to join a keyring owned by the same uid in another namespace. That will be handled by a separate patch. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: 1d1e97562e5e2ac60fb7b25437ba619f95f67fab [log] [tgz]
author: Serge E. Hallyn <serue@us.ibm.com> Thu Feb 26 18:27:38 2009 -0600
committer: James Morris <jmorris@namei.org> Fri Feb 27 12:35:06 2009 +1100
tree: 68a9c52ecbff0782dd9b9438685afc3b40b6f707
parent: be38e0fd5f90a91d09e0a85ffb294b70a7be6259 [diff] [blame]
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 81932ab..9fb679c 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h

@@ -53,6 +53,7 @@
 	atomic_t		nkeys;		/* number of keys */
 	atomic_t		nikeys;		/* number of instantiated keys */
 	uid_t			uid;
+	struct user_namespace	*user_ns;
 	int			qnkeys;		/* number of keys allocated to this user */
 	int			qnbytes;	/* number of bytes allocated to this user */
 };
@@ -61,7 +62,8 @@
 extern spinlock_t	key_user_lock;
 extern struct key_user	root_key_user;
 
-extern struct key_user *key_user_lookup(uid_t uid);
+extern struct key_user *key_user_lookup(uid_t uid,
+					struct user_namespace *user_ns);
 extern void key_user_put(struct key_user *user);
 
 /*
commit	1d1e97562e5e2ac60fb7b25437ba619f95f67fab	[log] [tgz]
author	Serge E. Hallyn <serue@us.ibm.com>	Thu Feb 26 18:27:38 2009 -0600
committer	James Morris <jmorris@namei.org>	Fri Feb 27 12:35:06 2009 +1100
tree	68a9c52ecbff0782dd9b9438685afc3b40b6f707
parent	be38e0fd5f90a91d09e0a85ffb294b70a7be6259 [diff] [blame]