From 7e047ef5fe2d52e83020e856b1bf2556a6a2ce98 Mon Sep 17 00:00:00 2001 From: David Howells Date: Mon, 26 Jun 2006 00:24:50 -0700 Subject: [PATCH] keys: sort out key quota system Add the ability for key creation to overrun the user's quota in some circumstances - notably when a session keyring is created and assigned to a process that didn't previously have one. This means it's still possible to log in, should PAM require the creation of a new session keyring, and fix an overburdened key quota. Signed-off-by: David Howells Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- include/linux/security.h | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'include/linux/security.h') diff --git a/include/linux/security.h b/include/linux/security.h index d2c17bd91a2..51805806f97 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -862,6 +862,7 @@ struct swap_info_struct; * Permit allocation of a key and assign security data. Note that key does * not have a serial number assigned at this point. * @key points to the key. + * @flags is the allocation flags * Return 0 if permission is granted, -ve error otherwise. * @key_free: * Notification of destruction; free security data. @@ -1324,7 +1325,7 @@ struct security_operations { /* key management security hooks */ #ifdef CONFIG_KEYS - int (*key_alloc)(struct key *key, struct task_struct *tsk); + int (*key_alloc)(struct key *key, struct task_struct *tsk, unsigned long flags); void (*key_free)(struct key *key); int (*key_permission)(key_ref_t key_ref, struct task_struct *context, @@ -3040,9 +3041,10 @@ static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid #ifdef CONFIG_KEYS #ifdef CONFIG_SECURITY static inline int security_key_alloc(struct key *key, - struct task_struct *tsk) + struct task_struct *tsk, + unsigned long flags) { - return security_ops->key_alloc(key, tsk); + return security_ops->key_alloc(key, tsk, flags); } static inline void security_key_free(struct key *key) @@ -3060,7 +3062,8 @@ static inline int security_key_permission(key_ref_t key_ref, #else static inline int security_key_alloc(struct key *key, - struct task_struct *tsk) + struct task_struct *tsk, + unsigned long flags) { return 0; } -- cgit v1.2.3