• David Howells's avatar
    KEYS/DNS: Fix ____call_usermodehelper() to not lose the session keyring · 87966996
    David Howells authored
    ____call_usermodehelper() now erases any credentials set by the
    subprocess_inf::init() function.  The problem is that commit
    17f60a7d ("capabilites: allow the application of capability limits
    to usermode helpers") creates and commits new credentials with
    prepare_kernel_cred() after the call to the init() function.  This wipes
    all keyrings after umh_keys_init() is called.
    
    The best way to deal with this is to put the init() call just prior to
    the commit_creds() call, and pass the cred pointer to init().  That
    means that umh_keys_init() and suchlike can modify the credentials
    _before_ they are published and potentially in use by the rest of the
    system.
    
    This prevents request_key() from working as it is prevented from passing
    the session keyring it set up with the authorisation token to
    /sbin/request-key, and so the latter can't assume the authority to
    instantiate the key.  This causes the in-kernel DNS resolver to fail
    with ENOKEY unconditionally.
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Acked-by: default avatarEric Paris <eparis@redhat.com>
    Tested-by: default avatarJeff Layton <jlayton@redhat.com>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    87966996
request_key.c 19.3 KB