[PATCH] keys: sort out key quota system
Add the ability for key creation to overrun the user's quota in some
circumstances - notably when a session keyring is created and assigned to a
process that didn't previously have one.
This means it's still possible to log in, should PAM require the creation of a
new session keyring, and fix an overburdened key quota.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
diff --git a/include/linux/key.h b/include/linux/key.h
index e81ebf9..e693e72 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -248,7 +248,14 @@
const char *desc,
uid_t uid, gid_t gid,
struct task_struct *ctx,
- key_perm_t perm, int not_in_quota);
+ key_perm_t perm,
+ unsigned long flags);
+
+
+#define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */
+#define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */
+#define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */
+
extern int key_payload_reserve(struct key *key, size_t datalen);
extern int key_instantiate_and_link(struct key *key,
const void *data,
@@ -285,7 +292,7 @@
const char *description,
const void *payload,
size_t plen,
- int not_in_quota);
+ unsigned long flags);
extern int key_update(key_ref_t key,
const void *payload,
@@ -299,7 +306,7 @@
extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
struct task_struct *ctx,
- int not_in_quota,
+ unsigned long flags,
struct key *dest);
extern int keyring_clear(struct key *keyring);
