• David Howells's avatar
    KEYS: Make the session and process keyrings per-thread · 3a50597d
    David Howells authored
    Make the session keyring per-thread rather than per-process, but still
    inherited from the parent thread to solve a problem with PAM and gdm.
    
    The problem is that join_session_keyring() will reject attempts to change the
    session keyring of a multithreaded program but gdm is now multithreaded before
    it gets to the point of starting PAM and running pam_keyinit to create the
    session keyring.  See:
    
    	https://bugs.freedesktop.org/show_bug.cgi?id=49211
    
    The reason that join_session_keyring() will only change the session keyring
    under a single-threaded environment is that it's hard to alter the other
    thread's credentials to effect the change in a multi-threaded program.  The
    problems are such as:
    
     (1) How to prevent two threads both running join_session_keyring() from
         racing.
    
     (2) Another thread's credentials may not be modified directly by this process.
    
     (3) The number of threads is uncertain whilst we're not holding the
         appropriate spinlock, making preallocation slightly tricky.
    
     (4) We could use TIF_NOTIFY_RESUME and key_replace_session_keyring() to get
         another thread to replace its keyring, but that means preallocating for
         each thread.
    
    A reasonable way around this is to make the session keyring per-thread rather
    than per-process and just document that if you want a common session keyring,
    you must get it before you spawn any threads - which is the current situation
    anyway.
    
    Whilst we're at it, we can the process keyring behave in the same way.  This
    means we can clean up some of the ickyness in the creds code.
    
    Basically, after this patch, the session, process and thread keyrings are about
    inheritance rules only and not about sharing changes of keyring.
    Reported-by: default avatarMantas M. <grawity@gmail.com>
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Tested-by: default avatarRay Strode <rstrode@redhat.com>
    3a50597d
request_key.c 19 KB