Eric Biggers <ebiggers3@xxxxxxxxx> wrote:
> @@ -135,6 +135,9 @@ int install_thread_keyring_to_cred(struct cred *new)
> {
> struct key *keyring;
>
> + if (new->thread_keyring)
> + return -EEXIST;
> +
> keyring = keyring_alloc("_tid", new->uid, new->gid, new,
> KEY_POS_ALL | KEY_USR_VIEW,
> KEY_ALLOC_QUOTA_OVERRUN,
It would probably be better just to return 0 and change the comment on the
function to say that it sets a thread keyring if there isn't one already.
Same for the process keyring.
David