summaryrefslogtreecommitdiffstats
path: root/Documentation/security/keys
diff options
context:
space:
mode:
authorMat Martineau <mathew.j.martineau@linux.intel.com>2017-07-13 14:17:03 +0200
committerJames Morris <james.l.morris@oracle.com>2017-07-14 03:01:38 +0200
commit7228b66aaf723a623e578aa4db7d083bb39546c9 (patch)
tree73b4c8eaf75430fbb7c3551d882a29bd5f6195fe /Documentation/security/keys
parentKEYS: DH: validate __spare field (diff)
downloadlinux-7228b66aaf723a623e578aa4db7d083bb39546c9.tar.xz
linux-7228b66aaf723a623e578aa4db7d083bb39546c9.zip
KEYS: Add documentation for asymmetric keyring restrictions
Provide more specific examples of keyring restrictions as applied to X.509 signature chain verification. Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'Documentation/security/keys')
-rw-r--r--Documentation/security/keys/core.rst6
1 files changed, 6 insertions, 0 deletions
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
index 0d831a7afe4f..1648fa80b3bf 100644
--- a/Documentation/security/keys/core.rst
+++ b/Documentation/security/keys/core.rst
@@ -894,6 +894,12 @@ The keyctl syscall functions are:
To apply a keyring restriction the process must have Set Attribute
permission and the keyring must not be previously restricted.
+ One application of restricted keyrings is to verify X.509 certificate
+ chains or individual certificate signatures using the asymmetric key type.
+ See Documentation/crypto/asymmetric-keys.txt for specific restrictions
+ applicable to the asymmetric key type.
+
+
Kernel Services
===============