keys: skip keys from another user namespace

When listing keys, do not return keys belonging to the same uid in another user namespace. Otherwise uid 500 in another user namespace will return keyrings called uid.500 for another user namespace. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Serge E. Hallyn <serue@us.ibm.com> 2009-02-27 00:27:55 (GMT)
committer: James Morris <jmorris@namei.org> 2009-02-27 01:35:12 (GMT)
commit: 2ea190d0a006ce5218baa6e798512652446a605a (patch)
tree: 1d8612678355c77d8ea9f316ef6ce7d80ee6d613 /security
parent: 8ff3bc3138a400294ee9e126ac75fc9a9fae4e0b (diff)
download: linux-2ea190d0a006ce5218baa6e798512652446a605a.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index ed85157..3dba81c 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -539,6 +539,9 @@ struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
 				    &keyring_name_hash[bucket],
 				    type_data.link
 				    ) {
+			if (keyring->user->user_ns != current_user_ns())
+				continue;
+
 			if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
 				continue;
author	Serge E. Hallyn <serue@us.ibm.com>	2009-02-27 00:27:55 (GMT)
committer	James Morris <jmorris@namei.org>	2009-02-27 01:35:12 (GMT)
commit	2ea190d0a006ce5218baa6e798512652446a605a (patch)
tree	1d8612678355c77d8ea9f316ef6ce7d80ee6d613 /security
parent	8ff3bc3138a400294ee9e126ac75fc9a9fae4e0b (diff)
download	linux-2ea190d0a006ce5218baa6e798512652446a605a.tar.xz