KEYS: prevent keys from being removed from specified keyrings Userspace should not be allowed to remove keys from certain keyrings (eg. blacklist), though the keys themselves can expire. This patch defines a new key flag named KEY_FLAG_KEEP to prevent userspace from being able to unlink, revoke, invalidate or timed out a key on a keyring. When this flag is set on the keyring, all keys subsequently added are flagged. In addition, when this flag is set, the keyring itself can not be cleared. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: David Howells <dhowells@redhat.com>

commit: d3600bcf9d64d88dc1d189a754dcfab960ce751f [log] [tgz]
author: Mimi Zohar <zohar@linux.vnet.ibm.com> Tue Nov 10 08:34:46 2015 -0500
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> Tue Dec 15 10:01:43 2015 -0500
tree: 0db5cee0ddb99cfe1cbd7f8314653f36ddf5005f
parent: 80eae209d63ac6361c7b445f7e7e41f39c044772 [diff] [blame]
diff --git a/security/keys/key.c b/security/keys/key.c
index ab7997d..09ef276 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c

@@ -429,8 +429,12 @@
 				awaken = 1;
 
 			/* and link it into the destination keyring */
-			if (keyring)
+			if (keyring) {
+				if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
+					set_bit(KEY_FLAG_KEEP, &key->flags);
+
 				__key_link(key, _edit);
+			}
 
 			/* disable the authorisation key */
 			if (authkey)
commit	d3600bcf9d64d88dc1d189a754dcfab960ce751f	[log] [tgz]
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	Tue Nov 10 08:34:46 2015 -0500
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	Tue Dec 15 10:01:43 2015 -0500
tree	0db5cee0ddb99cfe1cbd7f8314653f36ddf5005f
parent	80eae209d63ac6361c7b445f7e7e41f39c044772 [diff] [blame]