diff options
author | Josh Boyer <jwboyer@fedoraproject.org> | 2013-09-09 08:29:49 -0400 |
---|---|---|
committer | Josh Boyer <jwboyer@fedoraproject.org> | 2013-09-09 08:29:49 -0400 |
commit | 6176c6c82f17d4a0bf80bbb45f0ee1ee078e7d8f (patch) | |
tree | 63a2cb86bfeda1f6dbd2e8618127cc558bdf53d8 | |
parent | 220bf454733a04d380a9edbbde8c7de34e219450 (diff) | |
download | kernel-6176c6c82f17d4a0bf80bbb45f0ee1ee078e7d8f.tar.gz kernel-6176c6c82f17d4a0bf80bbb45f0ee1ee078e7d8f.tar.xz kernel-6176c6c82f17d4a0bf80bbb45f0ee1ee078e7d8f.zip |
Linux v3.11-7890-ge5c832d
-rw-r--r-- | config-generic | 2 | ||||
-rw-r--r-- | config-x86-generic | 9 | ||||
-rw-r--r-- | kernel.spec | 5 | ||||
-rw-r--r-- | keys-krb-support.patch | 228 | ||||
-rw-r--r-- | sources | 2 |
5 files changed, 39 insertions, 207 deletions
diff --git a/config-generic b/config-generic index 4c29f55b3..f4149c0d1 100644 --- a/config-generic +++ b/config-generic @@ -2019,6 +2019,7 @@ CONFIG_INPUT_SPARSEKMAP=m # CONFIG_INPUT_IMS_PCU is not set CONFIG_INPUT_CMA3000=m CONFIG_INPUT_CMA3000_I2C=m +CONFIG_INPUT_IDEAPAD_SLIDEBAR=m # # Input I/O drivers @@ -3723,6 +3724,7 @@ CONFIG_MFD_VIPERBOARD=m # CONFIG_MFD_SI476X_CORE is not set # CONFIG_MFD_TPS65912 is not set # CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_DA9063 is not set # # File systems diff --git a/config-x86-generic b/config-x86-generic index 0b61dfe79..133cb85df 100644 --- a/config-x86-generic +++ b/config-x86-generic @@ -363,6 +363,10 @@ CONFIG_LPC_ICH=m CONFIG_GPIO_ICH=m # CONFIG_GPIO_LYNXPOINT is not set +# CONFIG_GPIO_GENERIC_PLATFORM is not set +# CONFIG_GPIO_MCP23S08 is not set +# CONFIG_GPIO_F7188X is not set + CONFIG_PCI_CNB20LE_QUIRK=y @@ -399,9 +403,6 @@ CONFIG_HP_ACCEL=m # CONFIG_RAPIDIO is not set -# CONFIG_GPIO_GENERIC_PLATFORM is not set -# CONFIG_GPIO_MCP23S08 is not set - CONFIG_SCHED_SMT=y CONFIG_CC_STACKPROTECTOR=y CONFIG_RELOCATABLE=y @@ -458,3 +459,5 @@ CONFIG_MODULE_SIG_UEFI=y CONFIG_VMXNET3=m CONFIG_VFIO_PCI_VGA=y + +# CONFIG_NTB is not set diff --git a/kernel.spec b/kernel.spec index 01af51317..7a8f54940 100644 --- a/kernel.spec +++ b/kernel.spec @@ -95,7 +95,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 0 # The git snapshot level -%define gitrev 15 +%define gitrev 16 # Set rpm version accordingly %define rpmversion 3.%{upstream_sublevel}.0 %endif @@ -2297,6 +2297,9 @@ fi # ||----w | # || || %changelog +* Mon Sep 09 2013 Josh Boyer <jwboyer@fedoraproject.org> - 3.12.0-0.rc0.git16.1 +- Linux v3.11-7890-ge5c832d + * Mon Sep 09 2013 Josh Boyer <jwboyer@fedoraproject.org> - 3.12.0-0.rc0.git15.1 - Linux v3.11-7547-g44598f9 diff --git a/keys-krb-support.patch b/keys-krb-support.patch index 07a909daa..6b77a2eb2 100644 --- a/keys-krb-support.patch +++ b/keys-krb-support.patch @@ -1,4 +1,4 @@ -From 64160c504842a359801cff17464931fa028ff164 Mon Sep 17 00:00:00 2001 +From d7ccdaa17aab12a49f5e9e327b55167c4af26bf8 Mon Sep 17 00:00:00 2001 From: David Howells <dhowells@redhat.com> Date: Fri, 30 Aug 2013 15:37:54 +0100 Subject: [PATCH 1/2] KEYS: Implement a big key type that can save to tmpfs @@ -308,7 +308,7 @@ index 0000000..5f9defc 1.8.3.1 -From b1e5b74e060add16de8d6005802644fa1700167f Mon Sep 17 00:00:00 2001 +From d427a1d839e18965975d502d30d4ef912d1e0f8f Mon Sep 17 00:00:00 2001 From: David Howells <dhowells@redhat.com> Date: Fri, 30 Aug 2013 15:37:54 +0100 Subject: [PATCH 2/2] KEYS: Add per-user_namespace registers for persistent @@ -377,34 +377,33 @@ Tested-by: Simo Sorce <simo@redhat.com> cc: Serge E. Hallyn <serge.hallyn@ubuntu.com> cc: Eric W. Biederman <ebiederm@xmission.com> --- - include/linux/user_namespace.h | 6 ++ - include/uapi/linux/keyctl.h | 1 + - kernel/user.c | 4 + - kernel/user_namespace.c | 6 ++ - security/keys/Kconfig | 17 +++++ - security/keys/Makefile | 1 + - security/keys/compat.c | 3 + - security/keys/internal.h | 9 +++ - security/keys/keyctl.c | 3 + - security/keys/persistent.c | 169 +++++++++++++++++++++++++++++++++++++++++ - security/keys/sysctl.c | 11 +++ - 11 files changed, 230 insertions(+) - create mode 100644 security/keys/persistent.c + include/linux/user_namespace.h | 7 +++++++ + include/uapi/linux/keyctl.h | 1 + + kernel/user.c | 4 ++++ + kernel/user_namespace.c | 6 ++++++ + security/keys/Kconfig | 17 +++++++++++++++++ + security/keys/Makefile | 1 + + security/keys/compat.c | 3 +++ + security/keys/internal.h | 9 +++++++++ + security/keys/keyctl.c | 3 +++ + security/keys/sysctl.c | 11 +++++++++++ + 10 files changed, 62 insertions(+) diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h -index b6b215f..cf21958 100644 +index 4db2985..bb0639d 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h -@@ -28,6 +28,12 @@ struct user_namespace { +@@ -27,6 +27,13 @@ struct user_namespace { + kuid_t owner; + kgid_t group; unsigned int proc_inum; - bool may_mount_sysfs; - bool may_mount_proc; + + /* Register of per-UID persistent keyrings for this namespace */ +#ifdef CONFIG_PERSISTENT_KEYRINGS + struct key *persistent_keyring_register; + struct rw_semaphore persistent_keyring_register_sem; +#endif ++ }; extern struct user_namespace init_user_ns; @@ -420,13 +419,13 @@ index c9b7f4fa..840cb99 100644 #endif /* _LINUX_KEYCTL_H */ diff --git a/kernel/user.c b/kernel/user.c -index 69b4c3d..6c9e1b9 100644 +index 5bbb919..a3a0dbf 100644 --- a/kernel/user.c +++ b/kernel/user.c -@@ -53,6 +53,10 @@ struct user_namespace init_user_ns = { +@@ -51,6 +51,10 @@ struct user_namespace init_user_ns = { + .owner = GLOBAL_ROOT_UID, + .group = GLOBAL_ROOT_GID, .proc_inum = PROC_USER_INIT_INO, - .may_mount_sysfs = true, - .may_mount_proc = true, +#ifdef CONFIG_KEYS_KERBEROS_CACHE + .krb_cache_register_sem = + __RWSEM_INITIALIZER(init_user_ns.krb_cache_register_sem), @@ -435,12 +434,12 @@ index 69b4c3d..6c9e1b9 100644 EXPORT_SYMBOL_GPL(init_user_ns); diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index d8c30db..ef7985e 100644 +index 13fb113..2dbc299 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c -@@ -99,6 +99,9 @@ int create_user_ns(struct cred *new) +@@ -101,6 +101,9 @@ int create_user_ns(struct cred *new) - update_mnt_policy(ns); + set_cred_user_ns(new, ns); +#ifdef CONFIG_PERSISTENT_KEYRINGS + rwsem_init(&ns->persistent_keyring_register_sem); @@ -448,7 +447,7 @@ index d8c30db..ef7985e 100644 return 0; } -@@ -123,6 +126,9 @@ void free_user_ns(struct user_namespace *ns) +@@ -130,6 +133,9 @@ void free_user_ns(struct user_namespace *ns) do { parent = ns->parent; @@ -546,181 +545,6 @@ index 33cfd27..cee72ce 100644 default: return -EOPNOTSUPP; } -diff --git a/security/keys/persistent.c b/security/keys/persistent.c -new file mode 100644 -index 0000000..631a022 ---- /dev/null -+++ b/security/keys/persistent.c -@@ -0,0 +1,169 @@ -+/* General persistent per-UID keyrings register -+ * -+ * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#include <linux/user_namespace.h> -+#include "internal.h" -+ -+unsigned persistent_keyring_expiry = 3 * 24 * 3600; /* Expire after 3 days of non-use */ -+ -+/* -+ * Create the persistent keyring register for the current user namespace. -+ * -+ * Called with the namespace's sem locked for writing. -+ */ -+static int key_create_persistent_register(struct user_namespace *ns) -+{ -+ struct key *reg = keyring_alloc(".persistent_register", -+ KUIDT_INIT(0), KGIDT_INIT(0), -+ current_cred(), -+ ((KEY_POS_ALL & ~KEY_POS_SETATTR) | -+ KEY_USR_VIEW | KEY_USR_READ), -+ KEY_ALLOC_NOT_IN_QUOTA, NULL); -+ if (IS_ERR(reg)) -+ return PTR_ERR(reg); -+ -+ ns->persistent_keyring_register = reg; -+ return 0; -+} -+ -+/* -+ * Create the persistent keyring for the specified user. -+ * -+ * Called with the namespace's sem locked for writing. -+ */ -+static key_ref_t key_create_persistent(struct user_namespace *ns, kuid_t uid, -+ struct keyring_index_key *index_key) -+{ -+ struct key *persistent; -+ key_ref_t reg_ref, persistent_ref; -+ -+ if (!ns->persistent_keyring_register) { -+ long err = key_create_persistent_register(ns); -+ if (err < 0) -+ return ERR_PTR(err); -+ } else { -+ reg_ref = make_key_ref(ns->persistent_keyring_register, true); -+ persistent_ref = find_key_to_update(reg_ref, index_key); -+ if (persistent_ref) -+ return persistent_ref; -+ } -+ -+ persistent = keyring_alloc(index_key->description, -+ uid, INVALID_GID, current_cred(), -+ ((KEY_POS_ALL & ~KEY_POS_SETATTR) | -+ KEY_USR_VIEW | KEY_USR_READ), -+ KEY_ALLOC_NOT_IN_QUOTA, -+ ns->persistent_keyring_register); -+ if (IS_ERR(persistent)) -+ return ERR_CAST(persistent); -+ -+ return make_key_ref(persistent, true); -+} -+ -+/* -+ * Get the persistent keyring for a specific UID and link it to the nominated -+ * keyring. -+ */ -+static long key_get_persistent(struct user_namespace *ns, kuid_t uid, -+ key_ref_t dest_ref) -+{ -+ struct keyring_index_key index_key; -+ struct key *persistent; -+ key_ref_t reg_ref, persistent_ref; -+ char buf[32]; -+ long ret; -+ -+ /* Look in the register if it exists */ -+ index_key.type = &key_type_keyring; -+ index_key.description = buf; -+ index_key.desc_len = sprintf(buf, "_persistent.%u", from_kuid(ns, uid)); -+ -+ if (ns->persistent_keyring_register) { -+ reg_ref = make_key_ref(ns->persistent_keyring_register, true); -+ down_read(&ns->persistent_keyring_register_sem); -+ persistent_ref = find_key_to_update(reg_ref, &index_key); -+ up_read(&ns->persistent_keyring_register_sem); -+ -+ if (persistent_ref) -+ goto found; -+ } -+ -+ /* It wasn't in the register, so we'll need to create it. We might -+ * also need to create the register. -+ */ -+ down_write(&ns->persistent_keyring_register_sem); -+ persistent_ref = key_create_persistent(ns, uid, &index_key); -+ up_write(&ns->persistent_keyring_register_sem); -+ if (!IS_ERR(persistent_ref)) -+ goto found; -+ -+ return PTR_ERR(persistent_ref); -+ -+found: -+ ret = key_task_permission(persistent_ref, current_cred(), KEY_LINK); -+ if (ret == 0) { -+ persistent = key_ref_to_ptr(persistent_ref); -+ ret = key_link(key_ref_to_ptr(dest_ref), persistent); -+ if (ret == 0) { -+ key_set_timeout(persistent, persistent_keyring_expiry); -+ ret = persistent->serial; -+ } -+ } -+ -+ key_ref_put(persistent_ref); -+ return ret; -+} -+ -+/* -+ * Get the persistent keyring for a specific UID and link it to the nominated -+ * keyring. -+ */ -+long keyctl_get_persistent(uid_t _uid, key_serial_t destid) -+{ -+ struct user_namespace *ns = current_user_ns(); -+ key_ref_t dest_ref; -+ kuid_t uid; -+ long ret; -+ -+ /* -1 indicates the current user */ -+ if (_uid == (uid_t)-1) { -+ uid = current_uid(); -+ } else { -+ uid = make_kuid(ns, _uid); -+ if (!uid_valid(uid)) -+ return -EINVAL; -+ -+ /* You can only see your own persistent cache if you're not -+ * sufficiently privileged. -+ */ -+ if (uid != current_uid() && -+ uid != current_suid() && -+ uid != current_euid() && -+ uid != current_fsuid() && -+ !ns_capable(ns, CAP_SETUID)) -+ return -EPERM; -+ } -+ -+ /* There must be a destination keyring */ -+ dest_ref = lookup_user_key(destid, KEY_LOOKUP_CREATE, KEY_WRITE); -+ if (IS_ERR(dest_ref)) -+ return PTR_ERR(dest_ref); -+ if (key_ref_to_ptr(dest_ref)->type != &key_type_keyring) { -+ ret = -ENOTDIR; -+ goto out_put_dest; -+ } -+ -+ ret = key_get_persistent(ns, uid, dest_ref); -+ -+out_put_dest: -+ key_ref_put(dest_ref); -+ return ret; -+} diff --git a/security/keys/sysctl.c b/security/keys/sysctl.c index ee32d18..8c0af08 100644 --- a/security/keys/sysctl.c @@ -1,2 +1,2 @@ fea363551ff45fbe4cb88497b863b261 linux-3.11.tar.xz -1edbdfa0647db1e09e641501b1304343 patch-3.11-git15.xz +b45d241996ec1f50a7a65919822612e7 patch-3.11-git16.xz |