diff options
author | David Howells <dhowells@redhat.com> | 2012-10-02 20:24:56 +0200 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2012-10-02 20:24:56 +0200 |
commit | f8aa23a55f813c9bddec2a6176e0e67274e6e7c1 (patch) | |
tree | 1b1927cedb4f1d769fac19242f3a365c84e40cec /Documentation/security | |
parent | KEYS: Reduce initial permissions on keys (diff) | |
download | linux-f8aa23a55f813c9bddec2a6176e0e67274e6e7c1.tar.xz linux-f8aa23a55f813c9bddec2a6176e0e67274e6e7c1.zip |
KEYS: Use keyring_alloc() to create special keyrings
Use keyring_alloc() to create special keyrings now that it has a permissions
parameter rather than using key_alloc() + key_instantiate_and_link().
Also document and export keyring_alloc() so that modules can use it too.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'Documentation/security')
-rw-r--r-- | Documentation/security/keys.txt | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt index aa0dbd74b71b..a4f9125c0333 100644 --- a/Documentation/security/keys.txt +++ b/Documentation/security/keys.txt @@ -990,6 +990,23 @@ payload contents" for more information. reference pointer if successful. +(*) A keyring can be created by: + + struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, + const struct cred *cred, + key_perm_t perm, + unsigned long flags, + struct key *dest); + + This creates a keyring with the given attributes and returns it. If dest + is not NULL, the new keyring will be linked into the keyring to which it + points. No permission checks are made upon the destination keyring. + + Error EDQUOT can be returned if the keyring would overload the quota (pass + KEY_ALLOC_NOT_IN_QUOTA in flags if the keyring shouldn't be accounted + towards the user's quota). Error ENOMEM can also be returned. + + (*) To check the validity of a key, this function can be called: int validate_key(struct key *key); |