LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [GIT PULL] keys: Miscellany
@ 2019-05-29 22:01 David Howells
2019-05-29 22:11 ` Eric Biggers
2019-05-30 6:53 ` James Morris
0 siblings, 2 replies; 4+ messages in thread
From: David Howells @ 2019-05-29 22:01 UTC (permalink / raw)
To: James Morris; +Cc: dhowells, keyrings, linux-security-module, linux-kernel
Hi James,
Here are some miscellaneous keyrings fixes and improvements intended for
the next merge window, if you could pull them please.
(1) Fix a bunch of warnings from sparse, including missing RCU bits and
kdoc-function argument mismatches
(2) Implement a keyctl to allow a key to be moved from one keyring to
another, with the option of prohibiting key replacement in the
destination keyring.
(3) Grant Link permission to possessors of request_key_auth tokens so that
upcall servicing daemons can more easily arrange things such that only
the necessary auth key is passed to the actual service program, and
not all the auth keys a daemon might possesss.
Changes: I made the change you suggested on patch 6 and added the
reviewed-by's to patches 1-5 and 7.
David
---
The following changes since commit a188339ca5a396acc588e5851ed7e19f66b0ebd9:
Linux 5.2-rc1 (2019-05-19 15:47:09 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-misc-20190529
for you to fetch changes up to 39de363a48ae151d766512c8e73a5564a3096c82:
keys: Grant Link permission to possessers of request_key auth keys (2019-05-29 22:34:52 +0100)
----------------------------------------------------------------
Miscellaneous keyrings development
----------------------------------------------------------------
David Howells (7):
keys: sparse: Fix key_fs[ug]id_changed()
keys: sparse: Fix incorrect RCU accesses
keys: sparse: Fix kdoc mismatches
keys: Break bits out of key_unlink()
keys: Make __key_link_begin() handle lockdep nesting
keys: Add a keyctl to move a key between keyrings
keys: Grant Link permission to possessers of request_key auth keys
Documentation/security/keys/core.rst | 21 +++++
include/linux/key.h | 13 ++-
include/uapi/linux/keyctl.h | 3 +
kernel/cred.c | 4 +-
security/keys/compat.c | 3 +
security/keys/internal.h | 3 +-
security/keys/key.c | 6 +-
security/keys/keyctl.c | 56 ++++++++++-
security/keys/keyring.c | 178 ++++++++++++++++++++++++++++++-----
security/keys/process_keys.c | 22 ++---
security/keys/request_key.c | 4 +-
security/keys/request_key_auth.c | 4 +-
12 files changed, 269 insertions(+), 48 deletions(-)
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [GIT PULL] keys: Miscellany
2019-05-29 22:01 [GIT PULL] keys: Miscellany David Howells
@ 2019-05-29 22:11 ` Eric Biggers
2019-05-30 6:53 ` James Morris
1 sibling, 0 replies; 4+ messages in thread
From: Eric Biggers @ 2019-05-29 22:11 UTC (permalink / raw)
To: David Howells; +Cc: James Morris, keyrings, linux-security-module, linux-kernel
On Wed, May 29, 2019 at 11:01:35PM +0100, David Howells wrote:
>
> (2) Implement a keyctl to allow a key to be moved from one keyring to
> another, with the option of prohibiting key replacement in the
> destination keyring.
>
What is the use case, and where are the tests and documentation for this?
- Eric
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [GIT PULL] keys: Miscellany
2019-05-29 22:01 [GIT PULL] keys: Miscellany David Howells
2019-05-29 22:11 ` Eric Biggers
@ 2019-05-30 6:53 ` James Morris
1 sibling, 0 replies; 4+ messages in thread
From: James Morris @ 2019-05-30 6:53 UTC (permalink / raw)
To: David Howells; +Cc: keyrings, linux-security-module, linux-kernel
On Wed, 29 May 2019, David Howells wrote:
> Hi James,
>
> Here are some miscellaneous keyrings fixes and improvements intended for
> the next merge window, if you could pull them please.
>
Linus has asked for security subsystem PRs to go directly to him.
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [GIT PULL] KEYS: Miscellany
@ 2016-07-08 18:15 David Howells
0 siblings, 0 replies; 4+ messages in thread
From: David Howells @ 2016-07-08 18:15 UTC (permalink / raw)
To: jmorris; +Cc: dhowells, keyrings, linux-kernel, linux-security-module
Hi James,
Could you pull these patches into security/next please? They've been in
linux-next for 3 weeks or so.
One patch just strips a bunch of spaces and the other patch changes sign-file
to attempt to acertain as to whether an X.509 cert is in DER or PEM format
before trying to read it and then parsing it using the appropriate openssl
call.
Thanks,
David
---
The following changes since commit 40d273782ff16fe1a7445cc05c66a447dfea3433:
security: tomoyo: simplify the gc kthread creation (2016-06-06 20:23:55 +1000)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-misc-20160708
for you to fetch changes up to 9552c7aebb8c36912612fddad5b55267c671a303:
modsign: Make sign-file determine the format of the X.509 cert (2016-06-14 13:18:33 +0100)
----------------------------------------------------------------
Keyrings miscellany
----------------------------------------------------------------
David Howells (2):
KEYS: Strip trailing spaces
modsign: Make sign-file determine the format of the X.509 cert
include/keys/rxrpc-type.h | 2 +-
scripts/sign-file.c | 34 ++++++++++++++++++++++++++--------
security/keys/persistent.c | 2 +-
security/keys/request_key.c | 2 +-
4 files changed, 29 insertions(+), 11 deletions(-)
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-05-30 6:53 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-29 22:01 [GIT PULL] keys: Miscellany David Howells
2019-05-29 22:11 ` Eric Biggers
2019-05-30 6:53 ` James Morris
-- strict thread matches above, loose matches on Subject: below --
2016-07-08 18:15 [GIT PULL] KEYS: Miscellany David Howells
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).