summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorJames Morris <james.l.morris@oracle.com>2015-01-29 11:03:24 +1100
committerJames Morris <james.l.morris@oracle.com>2015-01-29 11:03:24 +1100
commitbfc8419670bb6edc53b7423900a50f3c974839a0 (patch)
treeb9b3972498a9be988ec37c67c5f552c34f8efa2a /security
parent90200f19160734feceb92a3a054864c340242699 (diff)
parente994393acd65e729a574aaca466eab22b5b39cc6 (diff)
downloadlinux-bfc8419670bb6edc53b7423900a50f3c974839a0.tar.gz
Merge tag 'keys-next-20150123' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
Diffstat (limited to 'security')
-rw-r--r--security/keys/Kconfig18
-rw-r--r--security/keys/proc.c8
2 files changed, 0 insertions, 26 deletions
diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index a4f3f8c48d6e..72483b8f1be5 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -80,21 +80,3 @@ config ENCRYPTED_KEYS
Userspace only ever sees/stores encrypted blobs.
If you are unsure as to whether this is required, answer N.
-
-config KEYS_DEBUG_PROC_KEYS
- bool "Enable the /proc/keys file by which keys may be viewed"
- depends on KEYS
- help
- This option turns on support for the /proc/keys file - through which
- can be listed all the keys on the system that are viewable by the
- reading process.
-
- The only keys included in the list are those that grant View
- permission to the reading process whether or not it possesses them.
- Note that LSM security checks are still performed, and may further
- filter out keys that the current process is not authorised to view.
-
- Only key attributes are listed here; key payloads are not included in
- the resulting table.
-
- If you are unsure as to whether this is required, answer N.
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 972eeb336b81..f0611a6368cd 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -18,7 +18,6 @@
#include <asm/errno.h>
#include "internal.h"
-#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
static int proc_keys_open(struct inode *inode, struct file *file);
static void *proc_keys_start(struct seq_file *p, loff_t *_pos);
static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos);
@@ -38,7 +37,6 @@ static const struct file_operations proc_keys_fops = {
.llseek = seq_lseek,
.release = seq_release,
};
-#endif
static int proc_key_users_open(struct inode *inode, struct file *file);
static void *proc_key_users_start(struct seq_file *p, loff_t *_pos);
@@ -67,11 +65,9 @@ static int __init key_proc_init(void)
{
struct proc_dir_entry *p;
-#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
p = proc_create("keys", 0, NULL, &proc_keys_fops);
if (!p)
panic("Cannot create /proc/keys\n");
-#endif
p = proc_create("key-users", 0, NULL, &proc_key_users_fops);
if (!p)
@@ -86,8 +82,6 @@ __initcall(key_proc_init);
* Implement "/proc/keys" to provide a list of the keys on the system that
* grant View permission to the caller.
*/
-#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
-
static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n)
{
struct user_namespace *user_ns = seq_user_ns(p);
@@ -275,8 +269,6 @@ static int proc_keys_show(struct seq_file *m, void *v)
return 0;
}
-#endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */
-
static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n)
{
while (n) {