To take advantage of the "Allow special keyrings to be
cleared" keyring patch the NFS keyring has to be writeable.
Signed-off-by: Steve Dickson <[email protected]>
---
fs/nfs/idmap.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/fs/nfs/idmap.c b/fs/nfs/idmap.c
index a1bbf77..1d88cdb 100644
--- a/fs/nfs/idmap.c
+++ b/fs/nfs/idmap.c
@@ -269,7 +269,7 @@ static ssize_t nfs_idmap_request_key(const char *name, size_t namelen,
}
rcu_read_lock();
- rkey->perm |= KEY_USR_VIEW;
+ rkey->perm |= KEY_USR_VIEW|KEY_USR_WRITE;
ret = key_validate(rkey);
if (ret < 0)
--
1.7.7.5
Should this go in via the NFS tree? I can put it into the security tree
otherwise.
On Tue, 7 Feb 2012, Steve Dickson wrote:
> To take advantage of the "Allow special keyrings to be
> cleared" keyring patch the NFS keyring has to be writeable.
>
> Signed-off-by: Steve Dickson <[email protected]>
> ---
> fs/nfs/idmap.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/fs/nfs/idmap.c b/fs/nfs/idmap.c
> index a1bbf77..1d88cdb 100644
> --- a/fs/nfs/idmap.c
> +++ b/fs/nfs/idmap.c
> @@ -269,7 +269,7 @@ static ssize_t nfs_idmap_request_key(const char *name, size_t namelen,
> }
>
> rcu_read_lock();
> - rkey->perm |= KEY_USR_VIEW;
> + rkey->perm |= KEY_USR_VIEW|KEY_USR_WRITE;
>
> ret = key_validate(rkey);
> if (ret < 0)
> --
> 1.7.7.5
>
--
James Morris
<[email protected]>
Steve Dickson <[email protected]> wrote:
> To take advantage of the "Allow special keyrings to be
> cleared" keyring patch the NFS keyring has to be writeable.
That's not true.
I'll push the "Allow special keyrings to be cleared" keyring patch to James
now.
David
I'm indifferent... as long as it gets in...
Personally I thought it should been be part of David's
"KEYS: Allow special keyrings to be cleared" patch
since NFS can not use that feature unless the
key is writable...
steved.
On 02/07/2012 06:29 PM, James Morris wrote:
> Should this go in via the NFS tree? I can put it into the security tree
> otherwise.
>
>
> On Tue, 7 Feb 2012, Steve Dickson wrote:
>
>> To take advantage of the "Allow special keyrings to be
>> cleared" keyring patch the NFS keyring has to be writeable.
>>
>> Signed-off-by: Steve Dickson <[email protected]>
>> ---
>> fs/nfs/idmap.c | 2 +-
>> 1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/fs/nfs/idmap.c b/fs/nfs/idmap.c
>> index a1bbf77..1d88cdb 100644
>> --- a/fs/nfs/idmap.c
>> +++ b/fs/nfs/idmap.c
>> @@ -269,7 +269,7 @@ static ssize_t nfs_idmap_request_key(const char *name, size_t namelen,
>> }
>>
>> rcu_read_lock();
>> - rkey->perm |= KEY_USR_VIEW;
>> + rkey->perm |= KEY_USR_VIEW|KEY_USR_WRITE;
>>
>> ret = key_validate(rkey);
>> if (ret < 0)
>> --
>> 1.7.7.5
>>
>