From: Eric Biggers <ebiggers@kernel.org>
To: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: linux-fscrypt@vger.kernel.org, linux-next@vger.kernel.org,
keyrings@vger.kernel.org
Subject: Merge resolution for fscrypt and keyrings trees
Date: Wed, 14 Aug 2019 22:28:23 +0000 [thread overview]
Message-ID: <20190814222822.GA101319@gmail.com> (raw)
Hi Stephen, the fscrypt patches I've just pushed out conflict with the keys ACLs
patch in keys-next. To resolve the conflict for tomorrow's linux-next:
1. Discard change to deleted file keyinfo.c
2. In keyinfo_v1.c, add NULL argument to request_key() [this was change (1)]
3. In keyring.c, translate key permissions to ACLs
'git diff fscrypt/master -- fs/crypto/' on the merge commit should show:
diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c
index c34fa7c61b43b0..8a7519b120153b 100644
--- a/fs/crypto/keyring.c
+++ b/fs/crypto/keyring.c
@@ -127,6 +127,38 @@ static struct key_type key_type_fscrypt_user = {
.describe = fscrypt_user_key_describe,
};
+static struct key_acl fscrypt_keyring_acl = {
+ .usage = REFCOUNT_INIT(1),
+ .nr_ace = 2,
+ .aces = {
+ KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
+ KEY_ACE_JOIN),
+ KEY_OWNER_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL | KEY_ACE_JOIN |
+ KEY_ACE_READ | KEY_ACE_VIEW),
+ }
+};
+
+static struct key_acl fscrypt_key_acl = {
+ .usage = REFCOUNT_INIT(1),
+ .nr_ace = 2,
+ .aces = {
+ KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
+ KEY_ACE_JOIN),
+ KEY_OWNER_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL | KEY_ACE_JOIN |
+ KEY_ACE_VIEW),
+ }
+};
+
+static struct key_acl fscrypt_user_key_acl = {
+ .usage = REFCOUNT_INIT(1),
+ .nr_ace = 2,
+ .aces = {
+ KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
+ KEY_ACE_JOIN),
+ KEY_OWNER_ACE(KEY_ACE_VIEW),
+ }
+};
+
/* Search ->s_master_keys or ->mk_users */
static struct key *search_fscrypt_keyring(struct key *keyring,
struct key_type *type,
@@ -203,8 +235,7 @@ static int allocate_filesystem_keyring(struct super_block *sb)
format_fs_keyring_description(description, sb);
keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
- current_cred(), KEY_POS_SEARCH |
- KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW,
+ current_cred(), &fscrypt_keyring_acl,
KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
if (IS_ERR(keyring))
return PTR_ERR(keyring);
@@ -247,8 +278,7 @@ static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk)
format_mk_users_keyring_description(description,
mk->mk_spec.u.identifier);
keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
- current_cred(), KEY_POS_SEARCH |
- KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW,
+ current_cred(), &fscrypt_keyring_acl,
KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
if (IS_ERR(keyring))
return PTR_ERR(keyring);
@@ -285,7 +315,7 @@ static int add_master_key_user(struct fscrypt_master_key *mk)
format_mk_user_description(description, mk->mk_spec.u.identifier);
mk_user = key_alloc(&key_type_fscrypt_user, description,
current_fsuid(), current_gid(), current_cred(),
- KEY_POS_SEARCH | KEY_USR_VIEW, 0, NULL);
+ &fscrypt_user_key_acl, 0, NULL);
if (IS_ERR(mk_user))
return PTR_ERR(mk_user);
@@ -357,8 +387,7 @@ static int add_new_master_key(struct fscrypt_master_key_secret *secret,
format_mk_description(description, mk_spec);
key = key_alloc(&key_type_fscrypt, description,
GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
- KEY_POS_SEARCH | KEY_USR_SEARCH | KEY_USR_VIEW,
- KEY_ALLOC_NOT_IN_QUOTA, NULL);
+ &fscrypt_key_acl, KEY_ALLOC_NOT_IN_QUOTA, NULL);
if (IS_ERR(key)) {
err = PTR_ERR(key);
goto out_free_mk;
diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c
index ad1a36c370c3fb..0727251be865b7 100644
--- a/fs/crypto/keysetup_v1.c
+++ b/fs/crypto/keysetup_v1.c
@@ -104,7 +104,7 @@ find_and_lock_process_key(const char *prefix,
if (!description)
return ERR_PTR(-ENOMEM);
- key = request_key(&key_type_logon, description, NULL);
+ key = request_key(&key_type_logon, description, NULL, NULL);
kfree(description);
if (IS_ERR(key))
return key;
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: linux-fscrypt@vger.kernel.org, linux-next@vger.kernel.org,
keyrings@vger.kernel.org
Subject: Merge resolution for fscrypt and keyrings trees
Date: Wed, 14 Aug 2019 15:28:23 -0700 [thread overview]
Message-ID: <20190814222822.GA101319@gmail.com> (raw)
Hi Stephen, the fscrypt patches I've just pushed out conflict with the keys ACLs
patch in keys-next. To resolve the conflict for tomorrow's linux-next:
1. Discard change to deleted file keyinfo.c
2. In keyinfo_v1.c, add NULL argument to request_key() [this was change (1)]
3. In keyring.c, translate key permissions to ACLs
'git diff fscrypt/master -- fs/crypto/' on the merge commit should show:
diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c
index c34fa7c61b43b0..8a7519b120153b 100644
--- a/fs/crypto/keyring.c
+++ b/fs/crypto/keyring.c
@@ -127,6 +127,38 @@ static struct key_type key_type_fscrypt_user = {
.describe = fscrypt_user_key_describe,
};
+static struct key_acl fscrypt_keyring_acl = {
+ .usage = REFCOUNT_INIT(1),
+ .nr_ace = 2,
+ .aces = {
+ KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
+ KEY_ACE_JOIN),
+ KEY_OWNER_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL | KEY_ACE_JOIN |
+ KEY_ACE_READ | KEY_ACE_VIEW),
+ }
+};
+
+static struct key_acl fscrypt_key_acl = {
+ .usage = REFCOUNT_INIT(1),
+ .nr_ace = 2,
+ .aces = {
+ KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
+ KEY_ACE_JOIN),
+ KEY_OWNER_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL | KEY_ACE_JOIN |
+ KEY_ACE_VIEW),
+ }
+};
+
+static struct key_acl fscrypt_user_key_acl = {
+ .usage = REFCOUNT_INIT(1),
+ .nr_ace = 2,
+ .aces = {
+ KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_INVAL |
+ KEY_ACE_JOIN),
+ KEY_OWNER_ACE(KEY_ACE_VIEW),
+ }
+};
+
/* Search ->s_master_keys or ->mk_users */
static struct key *search_fscrypt_keyring(struct key *keyring,
struct key_type *type,
@@ -203,8 +235,7 @@ static int allocate_filesystem_keyring(struct super_block *sb)
format_fs_keyring_description(description, sb);
keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
- current_cred(), KEY_POS_SEARCH |
- KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW,
+ current_cred(), &fscrypt_keyring_acl,
KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
if (IS_ERR(keyring))
return PTR_ERR(keyring);
@@ -247,8 +278,7 @@ static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk)
format_mk_users_keyring_description(description,
mk->mk_spec.u.identifier);
keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
- current_cred(), KEY_POS_SEARCH |
- KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW,
+ current_cred(), &fscrypt_keyring_acl,
KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
if (IS_ERR(keyring))
return PTR_ERR(keyring);
@@ -285,7 +315,7 @@ static int add_master_key_user(struct fscrypt_master_key *mk)
format_mk_user_description(description, mk->mk_spec.u.identifier);
mk_user = key_alloc(&key_type_fscrypt_user, description,
current_fsuid(), current_gid(), current_cred(),
- KEY_POS_SEARCH | KEY_USR_VIEW, 0, NULL);
+ &fscrypt_user_key_acl, 0, NULL);
if (IS_ERR(mk_user))
return PTR_ERR(mk_user);
@@ -357,8 +387,7 @@ static int add_new_master_key(struct fscrypt_master_key_secret *secret,
format_mk_description(description, mk_spec);
key = key_alloc(&key_type_fscrypt, description,
GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
- KEY_POS_SEARCH | KEY_USR_SEARCH | KEY_USR_VIEW,
- KEY_ALLOC_NOT_IN_QUOTA, NULL);
+ &fscrypt_key_acl, KEY_ALLOC_NOT_IN_QUOTA, NULL);
if (IS_ERR(key)) {
err = PTR_ERR(key);
goto out_free_mk;
diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c
index ad1a36c370c3fb..0727251be865b7 100644
--- a/fs/crypto/keysetup_v1.c
+++ b/fs/crypto/keysetup_v1.c
@@ -104,7 +104,7 @@ find_and_lock_process_key(const char *prefix,
if (!description)
return ERR_PTR(-ENOMEM);
- key = request_key(&key_type_logon, description, NULL);
+ key = request_key(&key_type_logon, description, NULL, NULL);
kfree(description);
if (IS_ERR(key))
return key;
next reply other threads:[~2019-08-14 22:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-14 22:28 Eric Biggers [this message]
2019-08-14 22:28 ` Merge resolution for fscrypt and keyrings trees Eric Biggers
2019-08-15 13:37 ` David Howells
2019-08-15 13:37 ` David Howells
2019-08-15 16:24 ` Eric Biggers
2019-08-15 16:24 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190814222822.GA101319@gmail.com \
--to=ebiggers@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.