From 7d530b9080f6dd4d7f7e4555ed6ce855ff81bcaa Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Mon, 11 May 2009 15:54:50 +0000 Subject: [PATCH] linux26-defer-cred-changing-20090511 LICENSE IPL10 FIXES 124737 Newer Linux kernels differentiate between the real and effective credentials of a process, and prevent a process's credentials from being change when the effective credentials have been set to a different value. When AFS notices a keyring PAG exists but no group-based PAG does, the attempt to rectify this, if done in a VFS call (which changes effective creds) triggers this issue. We defer the change to the groups to avoid it. --- src/afs/LINUX/osi_cred.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/afs/LINUX/osi_cred.c b/src/afs/LINUX/osi_cred.c index 3fe9b78779..1cfe88d840 100644 --- a/src/afs/LINUX/osi_cred.c +++ b/src/afs/LINUX/osi_cred.c @@ -104,6 +104,12 @@ crset(cred_t * cr) #if defined(STRUCT_TASK_HAS_CRED) struct cred *new_creds; + /* If our current task doesn't have identical real and effective + * credentials, commit_cred won't let us change them, so we just + * bail here. + */ + if (current->cred != current->real_cred) + return; new_creds = prepare_creds(); new_creds->fsuid = cr->cr_uid; new_creds->uid = cr->cr_ruid;