• David Howells's avatar
    KEYS: Improve /proc/keys · 78b7280c
    David Howells authored
    Improve /proc/keys by:
    
     (1) Don't attempt to summarise the payload of a negated key.  It won't have
         one.  To this end, a helper function - key_is_instantiated() has been
         added that allows the caller to find out whether the key is positively
         instantiated (as opposed to being uninstantiated or negatively
         instantiated).
    
     (2) Do show keys that are negative, expired or revoked rather than hiding
         them.  This requires an override flag (no_state_check) to be passed to
         search_my_process_keyrings() and keyring_search_aux() to suppress this
         check.
    
         Without this, keys that are possessed by the caller, but only grant
         permissions to the caller if possessed are skipped as the possession check
         fails.
    
         Keys that are visible due to user, group or other checks are visible with
         or without this patch.
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    78b7280c
process_keys.c 20.3 KB