From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.2 (like Gecko)

Description of problem:
The attached patches are upstream improvements for the key management facility that need incorporation into RHEL-4.

The patches in requisite order of application are:

(1) A patch to add supplementary rights to the mask for processes/threads that possess a key in a keyring.
(2) A patch to export user-defined key type operations.
(3) A patch to move the permissions check function from a .h file into a .c file.
(4) A patch to improve the request-key documentation.
(5) A patch to make possessor permissions additive with normal UID/GID/Other permissions.
(6) A patch to remove the key duplication facility.
(7) A patch to add LSM hooks for key management.
(8) A patch to fix a warning in kmod.c if keys are disabled.

Version-Release number of selected component (if applicable):

How reproducible: Always

Steps to Reproduce: N/A

Additional info:

Created attachment 120354
Add supplementary rights for those in possession of a key

Created attachment 120355
Export user-defined key type operations

Created attachment 120356
Move permissions check function into a .c file

Created attachment 120357
Improve the request_key documentation

Created attachment 120359
Make possessor permissions additive

Created attachment 120361
Remove key duplication facility

Created attachment 120363
Add LSM hooks for key management

Created attachment 120365
Fix a warning in kmod.c if keys are disabled

Created attachment 120600
Remove incorrect obsolete logical-NOT operators

This patch removes a couple of incorrect and obsolete '!' operators left over from the conversion of the key permission functions from true/false returns to zero/error returns.

Created attachment 121673
Permission checking fix for key update vs add

This patch fixes a bug in the "Add LSM hooks for key management" patch in which the wrong logic was applied to the tests when searching a keyring for a match to determine whether add_key() should update an existing key or create a new one. Without this patch, it'll always create a new key and discard the old one from the keyring. With this patch it'll update an old key if it can.

This got into last night's 2.6.9-25 beta build. So setting state to modified.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0132.html