Merge branch 'master'

author: Jeff Garzik <jgarzik@pobox.com> 2005-11-05 14:38:55 -0500
committer: Jeff Garzik <jgarzik@pobox.com> 2005-11-05 14:38:55 -0500
commit: 328198acb7407301ddf6005c0fa1e04bd0c539c8 (patch)
tree: 9936112bd195bfbaacc9a75f2ea7ff757a2c0546 /security/keys/process_keys.c
parent: 9e0cb06b17be7e562cbdaba2768649f025826dc6 (diff)
parent: fecb4a0c87c2bcaee1f3cf800126eef752a07ed3 (diff)
1 files changed, 4 insertions, 5 deletions
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index d42d2158ce1..566b1cc0118 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -39,7 +39,7 @@ struct key root_user_keyring = {
 	.type		= &key_type_keyring,
 	.user		= &root_key_user,
 	.sem		= __RWSEM_INITIALIZER(root_user_keyring.sem),
-	.perm		= KEY_POS_ALL | KEY_USR_ALL,
+	.perm		= (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
 	.flags		= 1 << KEY_FLAG_INSTANTIATED,
 	.description	= "_uid.0",
 #ifdef KEY_DEBUGGING
@@ -54,7 +54,7 @@ struct key root_session_keyring = {
 	.type		= &key_type_keyring,
 	.user		= &root_key_user,
 	.sem		= __RWSEM_INITIALIZER(root_session_keyring.sem),
-	.perm		= KEY_POS_ALL | KEY_USR_ALL,
+	.perm		= (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
 	.flags		= 1 << KEY_FLAG_INSTANTIATED,
 	.description	= "_uid_ses.0",
 #ifdef KEY_DEBUGGING
@@ -666,9 +666,8 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id,
 		goto invalid_key;
 
 	/* check the permissions */
-	ret = -EACCES;
-
-	if (!key_task_permission(key_ref, context, perm))
+	ret = key_task_permission(key_ref, context, perm);
+	if (ret < 0)
 		goto invalid_key;
 
 error:
author	Jeff Garzik <jgarzik@pobox.com>	2005-11-05 14:38:55 -0500
committer	Jeff Garzik <jgarzik@pobox.com>	2005-11-05 14:38:55 -0500
commit	328198acb7407301ddf6005c0fa1e04bd0c539c8 (patch)
tree	9936112bd195bfbaacc9a75f2ea7ff757a2c0546 /security/keys/process_keys.c
parent	9e0cb06b17be7e562cbdaba2768649f025826dc6 (diff)
parent	fecb4a0c87c2bcaee1f3cf800126eef752a07ed3 (diff)