Commit dabd39cc authored by David Howells's avatar David Howells

KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y

Now that /proc/keys is used by libkeyutils to look up a key by type and
description, we should make it unconditional and remove
CONFIG_DEBUG_PROC_KEYS.
Reported-by: default avatarJiri Kosina <jkosina@suse.cz>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Tested-by: default avatarJiri Kosina <jkosina@suse.cz>
parent 961be7ef
...@@ -323,8 +323,6 @@ about the status of the key service: ...@@ -323,8 +323,6 @@ about the status of the key service:
U Under construction by callback to userspace U Under construction by callback to userspace
N Negative key N Negative key
This file must be enabled at kernel configuration time as it allows anyone
to list the keys database.
(*) /proc/key-users (*) /proc/key-users
......
...@@ -80,21 +80,3 @@ config ENCRYPTED_KEYS ...@@ -80,21 +80,3 @@ config ENCRYPTED_KEYS
Userspace only ever sees/stores encrypted blobs. Userspace only ever sees/stores encrypted blobs.
If you are unsure as to whether this is required, answer N. If you are unsure as to whether this is required, answer N.
config KEYS_DEBUG_PROC_KEYS
bool "Enable the /proc/keys file by which keys may be viewed"
depends on KEYS
help
This option turns on support for the /proc/keys file - through which
can be listed all the keys on the system that are viewable by the
reading process.
The only keys included in the list are those that grant View
permission to the reading process whether or not it possesses them.
Note that LSM security checks are still performed, and may further
filter out keys that the current process is not authorised to view.
Only key attributes are listed here; key payloads are not included in
the resulting table.
If you are unsure as to whether this is required, answer N.
...@@ -18,7 +18,6 @@ ...@@ -18,7 +18,6 @@
#include <asm/errno.h> #include <asm/errno.h>
#include "internal.h" #include "internal.h"
#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
static int proc_keys_open(struct inode *inode, struct file *file); static int proc_keys_open(struct inode *inode, struct file *file);
static void *proc_keys_start(struct seq_file *p, loff_t *_pos); static void *proc_keys_start(struct seq_file *p, loff_t *_pos);
static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos); static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos);
...@@ -38,7 +37,6 @@ static const struct file_operations proc_keys_fops = { ...@@ -38,7 +37,6 @@ static const struct file_operations proc_keys_fops = {
.llseek = seq_lseek, .llseek = seq_lseek,
.release = seq_release, .release = seq_release,
}; };
#endif
static int proc_key_users_open(struct inode *inode, struct file *file); static int proc_key_users_open(struct inode *inode, struct file *file);
static void *proc_key_users_start(struct seq_file *p, loff_t *_pos); static void *proc_key_users_start(struct seq_file *p, loff_t *_pos);
...@@ -67,11 +65,9 @@ static int __init key_proc_init(void) ...@@ -67,11 +65,9 @@ static int __init key_proc_init(void)
{ {
struct proc_dir_entry *p; struct proc_dir_entry *p;
#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
p = proc_create("keys", 0, NULL, &proc_keys_fops); p = proc_create("keys", 0, NULL, &proc_keys_fops);
if (!p) if (!p)
panic("Cannot create /proc/keys\n"); panic("Cannot create /proc/keys\n");
#endif
p = proc_create("key-users", 0, NULL, &proc_key_users_fops); p = proc_create("key-users", 0, NULL, &proc_key_users_fops);
if (!p) if (!p)
...@@ -86,8 +82,6 @@ __initcall(key_proc_init); ...@@ -86,8 +82,6 @@ __initcall(key_proc_init);
* Implement "/proc/keys" to provide a list of the keys on the system that * Implement "/proc/keys" to provide a list of the keys on the system that
* grant View permission to the caller. * grant View permission to the caller.
*/ */
#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n) static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n)
{ {
struct user_namespace *user_ns = seq_user_ns(p); struct user_namespace *user_ns = seq_user_ns(p);
...@@ -275,8 +269,6 @@ static int proc_keys_show(struct seq_file *m, void *v) ...@@ -275,8 +269,6 @@ static int proc_keys_show(struct seq_file *m, void *v)
return 0; return 0;
} }
#endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */
static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n) static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n)
{ {
while (n) { while (n) {
......
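Review bot: With the `#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS` guards gone, `proc_create("keys", 0, NULL, &proc_keys_fops)` in key_proc_init() now runs on every CONFIG_KEYS=y kernel, and its mode argument is 0, so the file's access mode is whatever proc_create defaults to rather than a value chosen here. The documentation sentence this commit deletes gave the reason for the old gate ("it allows anyone to list the keys database"), and nothing on the new side replaces it. I would carry the constraint from the deleted Kconfig help into the comment above key_serial_next(), e.g. `* Only key attributes are listed, never payloads; entries are limited to keys that grant View permission and may be further filtered by LSM checks.` The bodies of key_serial_next() and proc_keys_show() lie outside these hunks, so confirm that both filters are enforced there before adding the comment.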