/openbmc/linux/include/linux/sched/ |
H A D | user.h | 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace
Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment.
The issue is that a single user_struct may be represent UIDs in several different namespaces.
The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them.
Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com> 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment. The issue is that a single user_struct may be represent UIDs in several different namespaces. The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com>
|
/openbmc/linux/security/keys/ |
H A D | persistent.c | 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace
Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment.
The issue is that a single user_struct may be represent UIDs in several different namespaces.
The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them.
Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com> 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment. The issue is that a single user_struct may be represent UIDs in several different namespaces. The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com>
|
H A D | internal.h | 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace
Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment.
The issue is that a single user_struct may be represent UIDs in several different namespaces.
The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them.
Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com> 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment. The issue is that a single user_struct may be represent UIDs in several different namespaces. The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com>
|
H A D | request_key.c | 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace
Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment.
The issue is that a single user_struct may be represent UIDs in several different namespaces.
The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them.
Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com> 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment. The issue is that a single user_struct may be represent UIDs in several different namespaces. The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com>
|
H A D | process_keys.c | 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace
Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment.
The issue is that a single user_struct may be represent UIDs in several different namespaces.
The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them.
Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com> 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment. The issue is that a single user_struct may be represent UIDs in several different namespaces. The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com>
|
H A D | keyring.c | 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace
Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment.
The issue is that a single user_struct may be represent UIDs in several different namespaces.
The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them.
Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com> 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment. The issue is that a single user_struct may be represent UIDs in several different namespaces. The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com>
|
/openbmc/linux/include/linux/ |
H A D | user_namespace.h | 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace
Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment.
The issue is that a single user_struct may be represent UIDs in several different namespaces.
The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them.
Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com> 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment. The issue is that a single user_struct may be represent UIDs in several different namespaces. The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com>
|
/openbmc/linux/kernel/ |
H A D | user.c | 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace
Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment.
The issue is that a single user_struct may be represent UIDs in several different namespaces.
The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them.
Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com> 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment. The issue is that a single user_struct may be represent UIDs in several different namespaces. The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com>
|
H A D | user_namespace.c | 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace
Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment.
The issue is that a single user_struct may be represent UIDs in several different namespaces.
The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them.
Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com> 0f44e4d9 Wed Jun 26 15:02:32 CDT 2019 David Howells <dhowells@redhat.com> keys: Move the user and user-session keyrings to the user_namespace Move the user and user-session keyrings to the user_namespace struct rather than pinning them from the user_struct struct. This prevents these keyrings from propagating across user-namespaces boundaries with regard to the KEY_SPEC_* flags, thereby making them more useful in a containerised environment. The issue is that a single user_struct may be represent UIDs in several different namespaces. The way the patch does this is by attaching a 'register keyring' in each user_namespace and then sticking the user and user-session keyrings into that. It can then be searched to retrieve them. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jann Horn <jannh@google.com>
|