mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-12 21:57:43 +00:00
0f44e4d976
Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment. The issue is that a single user_struct may be represent UIDs in several different namespaces. The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com> |
||
|---|---|---|
| .. | ||
| autogroup.h | ||
| clock.h | ||
| coredump.h | ||
| cpufreq.h | ||
| cputime.h | ||
| deadline.h | ||
| debug.h | ||
| hotplug.h | ||
| idle.h | ||
| init.h | ||
| isolation.h | ||
| jobctl.h | ||
| loadavg.h | ||
| mm.h | ||
| nohz.h | ||
| numa_balancing.h | ||
| prio.h | ||
| rt.h | ||
| signal.h | ||
| smt.h | ||
| stat.h | ||
| sysctl.h | ||
| task.h | ||
| task_stack.h | ||
| topology.h | ||
| user.h | ||
| wake_q.h | ||
| xacct.h | ||