diff options
Diffstat (limited to 'security/keys')
| -rw-r--r-- | security/keys/key.c | 2 | ||||
| -rw-r--r-- | security/keys/permission.c | 5 | ||||
| -rw-r--r-- | security/keys/process_keys.c | 2 |
3 files changed, 5 insertions, 4 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index c9bf66ac36e..50d96d4e06f 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -253,7 +253,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, quotalen = desclen + type->def_datalen; /* get hold of the key tracking for this user */ - user = key_user_lookup(uid, cred->user->user_ns); + user = key_user_lookup(uid, cred->user_ns); if (!user) goto no_memory_1; diff --git a/security/keys/permission.c b/security/keys/permission.c index 57d96363d7f..0b4d019e027 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c @@ -36,7 +36,7 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred, key = key_ref_to_ptr(key_ref); - if (key->user->user_ns != cred->user->user_ns) + if (key->user->user_ns != cred->user_ns) goto use_other_perms; /* use the second 8-bits of permissions for keys the caller owns */ @@ -53,7 +53,8 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred, goto use_these_perms; } - ret = groups_search(cred->group_info, key->gid); + ret = groups_search(cred->group_info, + make_kgid(current_user_ns(), key->gid)); if (ret) { kperm = key->perm >> 8; goto use_these_perms; diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index e137fcd7042..d71056db7b6 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -860,7 +860,7 @@ void key_replace_session_keyring(void) new-> sgid = old-> sgid; new->fsgid = old->fsgid; new->user = get_uid(old->user); - new->user_ns = new->user->user_ns; + new->user_ns = get_user_ns(new->user_ns); new->group_info = get_group_info(old->group_info); new->securebits = old->securebits; |