Message ID | 20210114151909.2344974-6-mic@digikod.net (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | Enable root to update the blacklist keyring | expand |
On Thu, Jan 14, 2021 at 04:19:04PM +0100, Mickaël Salaün wrote: > From: Mickaël Salaün <mic@linux.microsoft.com> > > Align with the new macros and add appropriate include files. > > Cc: David Woodhouse <dwmw2@infradead.org> > Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> > Signed-off-by: David Howells <dhowells@redhat.com> The commit message makes no sense. What you new macros? /Jarkko
On 20/01/2021 06:15, Jarkko Sakkinen wrote: > On Thu, Jan 14, 2021 at 04:19:04PM +0100, Mickaël Salaün wrote: >> From: Mickaël Salaün <mic@linux.microsoft.com> >> >> Align with the new macros and add appropriate include files. >> >> Cc: David Woodhouse <dwmw2@infradead.org> >> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> >> Signed-off-by: David Howells <dhowells@redhat.com> > > The commit message makes no sense. What you new macros? What about "Use the new GLOBAL_ROOT_UID and GLOBAL_ROOT_GID definitions, and add appropriate include files."? > > /Jarkko >
On Wed, Jan 20, 2021 at 12:17:28PM +0100, Mickaël Salaün wrote: > > On 20/01/2021 06:15, Jarkko Sakkinen wrote: > > On Thu, Jan 14, 2021 at 04:19:04PM +0100, Mickaël Salaün wrote: > >> From: Mickaël Salaün <mic@linux.microsoft.com> > >> > >> Align with the new macros and add appropriate include files. > >> > >> Cc: David Woodhouse <dwmw2@infradead.org> > >> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> > >> Signed-off-by: David Howells <dhowells@redhat.com> > > > > The commit message makes no sense. What you new macros? > > What about "Use the new GLOBAL_ROOT_UID and GLOBAL_ROOT_GID definitions, > and add appropriate include files."? They were added in 2011 so you could just remove "the new". Otherwise, WFM. /Jarkko
diff --git a/certs/blacklist.c b/certs/blacklist.c index 029471947838..bffe4c6f4a9e 100644 --- a/certs/blacklist.c +++ b/certs/blacklist.c @@ -14,6 +14,7 @@ #include <linux/ctype.h> #include <linux/err.h> #include <linux/seq_file.h> +#include <linux/uidgid.h> #include <keys/system_keyring.h> #include "blacklist.h" @@ -156,8 +157,7 @@ static int __init blacklist_init(void) blacklist_keyring = keyring_alloc(".blacklist", - KUIDT_INIT(0), KGIDT_INIT(0), - current_cred(), + GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(), (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH, diff --git a/certs/system_keyring.c b/certs/system_keyring.c index 798291177186..4b693da488f1 100644 --- a/certs/system_keyring.c +++ b/certs/system_keyring.c @@ -11,6 +11,7 @@ #include <linux/cred.h> #include <linux/err.h> #include <linux/slab.h> +#include <linux/uidgid.h> #include <linux/verification.h> #include <keys/asymmetric-type.h> #include <keys/system_keyring.h> @@ -98,7 +99,7 @@ static __init int system_trusted_keyring_init(void) builtin_trusted_keys = keyring_alloc(".builtin_trusted_keys", - KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), + GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(), ((KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH), KEY_ALLOC_NOT_IN_QUOTA, @@ -109,7 +110,7 @@ static __init int system_trusted_keyring_init(void) #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING secondary_trusted_keys = keyring_alloc(".secondary_trusted_keys", - KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), + GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(), ((KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE),