keys: Grant Link permission to possessers of request_key auth keys

Grant Link permission to the possessers of request_key authentication keys, thereby allowing a daemon that is servicing upcalls to arrange things such that only the necessary auth key is passed to the actual service program and not all the daemon's pending auth keys. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: James Morris <jamorris@linux.microsoft.com>
author: David Howells <dhowells@redhat.com> 2019-05-20 21:51:43 +0100
committer: David Howells <dhowells@redhat.com> 2019-05-30 22:54:43 +0100
commit: f7f1394576563b7096fe858fb178bcaedfa0b245 (patch)
tree: ac5b9efbe2d73ccbfb2257aef6ffb28decdd1fd4 /security/keys
parent: ed0ac5c7ec3763e3261c48e3c5d4b7528b60fd85 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 572c7a60473a..ec5226557023 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -204,7 +204,7 @@ struct key *request_key_auth_new(struct key *target, const char *op,
 
 	authkey = key_alloc(&key_type_request_key_auth, desc,
 			    cred->fsuid, cred->fsgid, cred,
-			    KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
+			    KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | KEY_POS_LINK |
 			    KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA, NULL);
 	if (IS_ERR(authkey)) {
 		ret = PTR_ERR(authkey);
author	David Howells <dhowells@redhat.com>	2019-05-20 21:51:43 +0100
committer	David Howells <dhowells@redhat.com>	2019-05-30 22:54:43 +0100
commit	f7f1394576563b7096fe858fb178bcaedfa0b245 (patch)
tree	ac5b9efbe2d73ccbfb2257aef6ffb28decdd1fd4 /security/keys
parent	ed0ac5c7ec3763e3261c48e3c5d4b7528b60fd85 (diff)