summaryrefslogtreecommitdiff
path: root/include/linux/security.h
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2006-06-26 11:24:50 +0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-26 20:58:18 +0400
commit7e047ef5fe2d52e83020e856b1bf2556a6a2ce98 (patch)
tree97656e2c56a27be9d1da451dde627b693b8643f2 /include/linux/security.h
parentf116629d03655adaf7832b93b03c99391d09d4a7 (diff)
downloadlinux-7e047ef5fe2d52e83020e856b1bf2556a6a2ce98.tar.xz
[PATCH] keys: sort out key quota system
Add the ability for key creation to overrun the user's quota in some circumstances - notably when a session keyring is created and assigned to a process that didn't previously have one. This means it's still possible to log in, should PAM require the creation of a new session keyring, and fix an overburdened key quota. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h11
1 files changed, 7 insertions, 4 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index d2c17bd91a29..51805806f974 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -862,6 +862,7 @@ struct swap_info_struct;
* Permit allocation of a key and assign security data. Note that key does
* not have a serial number assigned at this point.
* @key points to the key.
+ * @flags is the allocation flags
* Return 0 if permission is granted, -ve error otherwise.
* @key_free:
* Notification of destruction; free security data.
@@ -1324,7 +1325,7 @@ struct security_operations {
/* key management security hooks */
#ifdef CONFIG_KEYS
- int (*key_alloc)(struct key *key, struct task_struct *tsk);
+ int (*key_alloc)(struct key *key, struct task_struct *tsk, unsigned long flags);
void (*key_free)(struct key *key);
int (*key_permission)(key_ref_t key_ref,
struct task_struct *context,
@@ -3040,9 +3041,10 @@ static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid
#ifdef CONFIG_KEYS
#ifdef CONFIG_SECURITY
static inline int security_key_alloc(struct key *key,
- struct task_struct *tsk)
+ struct task_struct *tsk,
+ unsigned long flags)
{
- return security_ops->key_alloc(key, tsk);
+ return security_ops->key_alloc(key, tsk, flags);
}
static inline void security_key_free(struct key *key)
@@ -3060,7 +3062,8 @@ static inline int security_key_permission(key_ref_t key_ref,
#else
static inline int security_key_alloc(struct key *key,
- struct task_struct *tsk)
+ struct task_struct *tsk,
+ unsigned long flags)
{
return 0;
}