Merge tag 'keys-next-20150123' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
This commit is contained in:
James Morris
Коммит
bfc8419670
|
|
@ -323,8 +323,6 @@ about the status of the key service:
|
|||
U Under construction by callback to userspace
|
||||
N Negative key
|
||||
|
||||
This file must be enabled at kernel configuration time as it allows anyone
|
||||
to list the keys database.
|
||||
|
||||
(*) /proc/key-users
|
||||
|
||||
|
|
|
|||
|
|
@ -142,7 +142,7 @@ endif
|
|||
kernel/system_certificates.o: $(obj)/x509_certificate_list
|
||||
|
||||
quiet_cmd_x509certs = CERTS $@
|
||||
cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; echo " - Including cert $(X509)")
|
||||
cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; $(kecho) " - Including cert $(X509)")
|
||||
|
||||
targets += $(obj)/x509_certificate_list
|
||||
$(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list
|
||||
|
|
|
|||
|
|
@ -311,6 +311,9 @@ struct token {
|
|||
|
||||
static struct token *token_list;
|
||||
static unsigned nr_tokens;
|
||||
static _Bool verbose;
|
||||
|
||||
#define debug(fmt, ...) do { if (verbose) printf(fmt, ## __VA_ARGS__); } while (0)
|
||||
|
||||
static int directive_compare(const void *_key, const void *_pdir)
|
||||
{
|
||||
|
|
@ -322,21 +325,21 @@ static int directive_compare(const void *_key, const void *_pdir)
|
|||
dlen = strlen(dir);
|
||||
clen = (dlen < token->size) ? dlen : token->size;
|
||||
|
||||
//printf("cmp(%*.*s,%s) = ",
|
||||
//debug("cmp(%*.*s,%s) = ",
|
||||
// (int)token->size, (int)token->size, token->value,
|
||||
// dir);
|
||||
|
||||
val = memcmp(token->value, dir, clen);
|
||||
if (val != 0) {
|
||||
//printf("%d [cmp]\n", val);
|
||||
//debug("%d [cmp]\n", val);
|
||||
return val;
|
||||
}
|
||||
|
||||
if (dlen == token->size) {
|
||||
//printf("0\n");
|
||||
//debug("0\n");
|
||||
return 0;
|
||||
}
|
||||
//printf("%d\n", (int)dlen - (int)token->size);
|
||||
//debug("%d\n", (int)dlen - (int)token->size);
|
||||
return dlen - token->size; /* shorter -> negative */
|
||||
}
|
||||
|
||||
|
|
@ -515,13 +518,13 @@ static void tokenise(char *buffer, char *end)
|
|||
}
|
||||
|
||||
nr_tokens = tix;
|
||||
printf("Extracted %u tokens\n", nr_tokens);
|
||||
debug("Extracted %u tokens\n", nr_tokens);
|
||||
|
||||
#if 0
|
||||
{
|
||||
int n;
|
||||
for (n = 0; n < nr_tokens; n++)
|
||||
printf("Token %3u: '%*.*s'\n",
|
||||
debug("Token %3u: '%*.*s'\n",
|
||||
n,
|
||||
(int)token_list[n].size, (int)token_list[n].size,
|
||||
token_list[n].value);
|
||||
|
|
@ -542,6 +545,7 @@ int main(int argc, char **argv)
|
|||
ssize_t readlen;
|
||||
FILE *out, *hdr;
|
||||
char *buffer, *p;
|
||||
char *kbuild_verbose;
|
||||
int fd;
|
||||
|
||||
if (argc != 4) {
|
||||
|
|
@ -550,6 +554,10 @@ int main(int argc, char **argv)
|
|||
exit(2);
|
||||
}
|
||||
|
||||
kbuild_verbose = getenv("KBUILD_VERBOSE");
|
||||
if (kbuild_verbose)
|
||||
verbose = atoi(kbuild_verbose);
|
||||
|
||||
filename = argv[1];
|
||||
outputname = argv[2];
|
||||
headername = argv[3];
|
||||
|
|
@ -748,11 +756,11 @@ static void build_type_list(void)
|
|||
|
||||
qsort(type_index, nr, sizeof(type_index[0]), type_index_compare);
|
||||
|
||||
printf("Extracted %u types\n", nr_types);
|
||||
debug("Extracted %u types\n", nr_types);
|
||||
#if 0
|
||||
for (n = 0; n < nr_types; n++) {
|
||||
struct type *type = type_index[n];
|
||||
printf("- %*.*s\n",
|
||||
debug("- %*.*s\n",
|
||||
(int)type->name->size,
|
||||
(int)type->name->size,
|
||||
type->name->value);
|
||||
|
|
@ -793,7 +801,7 @@ static void parse(void)
|
|||
|
||||
} while (type++, !(type->flags & TYPE_STOP_MARKER));
|
||||
|
||||
printf("Extracted %u actions\n", nr_actions);
|
||||
debug("Extracted %u actions\n", nr_actions);
|
||||
}
|
||||
|
||||
static struct element *element_list;
|
||||
|
|
@ -1284,7 +1292,7 @@ static void render(FILE *out, FILE *hdr)
|
|||
}
|
||||
|
||||
/* We do two passes - the first one calculates all the offsets */
|
||||
printf("Pass 1\n");
|
||||
debug("Pass 1\n");
|
||||
nr_entries = 0;
|
||||
root = &type_list[0];
|
||||
render_element(NULL, root->element, NULL);
|
||||
|
|
@ -1295,7 +1303,7 @@ static void render(FILE *out, FILE *hdr)
|
|||
e->flags &= ~ELEMENT_RENDERED;
|
||||
|
||||
/* And then we actually render */
|
||||
printf("Pass 2\n");
|
||||
debug("Pass 2\n");
|
||||
fprintf(out, "\n");
|
||||
fprintf(out, "static const unsigned char %s_machine[] = {\n",
|
||||
grammar_name);
|
||||
|
|
|
|||
|
|
@ -80,21 +80,3 @@ config ENCRYPTED_KEYS
|
|||
Userspace only ever sees/stores encrypted blobs.
|
||||
|
||||
If you are unsure as to whether this is required, answer N.
|
||||
|
||||
config KEYS_DEBUG_PROC_KEYS
|
||||
bool "Enable the /proc/keys file by which keys may be viewed"
|
||||
depends on KEYS
|
||||
help
|
||||
This option turns on support for the /proc/keys file - through which
|
||||
can be listed all the keys on the system that are viewable by the
|
||||
reading process.
|
||||
|
||||
The only keys included in the list are those that grant View
|
||||
permission to the reading process whether or not it possesses them.
|
||||
Note that LSM security checks are still performed, and may further
|
||||
filter out keys that the current process is not authorised to view.
|
||||
|
||||
Only key attributes are listed here; key payloads are not included in
|
||||
the resulting table.
|
||||
|
||||
If you are unsure as to whether this is required, answer N.
|
||||
|
|
|
|||
|
|
@ -18,7 +18,6 @@
|
|||
#include <asm/errno.h>
|
||||
#include "internal.h"
|
||||
|
||||
#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
|
||||
static int proc_keys_open(struct inode *inode, struct file *file);
|
||||
static void *proc_keys_start(struct seq_file *p, loff_t *_pos);
|
||||
static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos);
|
||||
|
|
@ -38,7 +37,6 @@ static const struct file_operations proc_keys_fops = {
|
|||
.llseek = seq_lseek,
|
||||
.release = seq_release,
|
||||
};
|
||||
#endif
|
||||
|
||||
static int proc_key_users_open(struct inode *inode, struct file *file);
|
||||
static void *proc_key_users_start(struct seq_file *p, loff_t *_pos);
|
||||
|
|
@ -67,11 +65,9 @@ static int __init key_proc_init(void)
|
|||
{
|
||||
struct proc_dir_entry *p;
|
||||
|
||||
#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
|
||||
p = proc_create("keys", 0, NULL, &proc_keys_fops);
|
||||
if (!p)
|
||||
panic("Cannot create /proc/keys\n");
|
||||
#endif
|
||||
|
||||
p = proc_create("key-users", 0, NULL, &proc_key_users_fops);
|
||||
if (!p)
|
||||
|
|
@ -86,8 +82,6 @@ __initcall(key_proc_init);
|
|||
* Implement "/proc/keys" to provide a list of the keys on the system that
|
||||
* grant View permission to the caller.
|
||||
*/
|
||||
#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
|
||||
|
||||
static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n)
|
||||
{
|
||||
struct user_namespace *user_ns = seq_user_ns(p);
|
||||
|
|
@ -275,8 +269,6 @@ static int proc_keys_show(struct seq_file *m, void *v)
|
|||
return 0;
|
||||
}
|
||||
|
||||
#endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */
|
||||
|
||||
static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n)
|
||||
{
|
||||
while (n) {
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче