diff options
author | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2017-07-13 14:17:03 +0200 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2017-07-14 03:01:38 +0200 |
commit | 7228b66aaf723a623e578aa4db7d083bb39546c9 (patch) | |
tree | 73b4c8eaf75430fbb7c3551d882a29bd5f6195fe /Documentation/security | |
parent | KEYS: DH: validate __spare field (diff) | |
download | linux-7228b66aaf723a623e578aa4db7d083bb39546c9.tar.xz linux-7228b66aaf723a623e578aa4db7d083bb39546c9.zip |
KEYS: Add documentation for asymmetric keyring restrictions
Provide more specific examples of keyring restrictions as applied to
X.509 signature chain verification.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'Documentation/security')
-rw-r--r-- | Documentation/security/keys/core.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst index 0d831a7afe4f..1648fa80b3bf 100644 --- a/Documentation/security/keys/core.rst +++ b/Documentation/security/keys/core.rst @@ -894,6 +894,12 @@ The keyctl syscall functions are: To apply a keyring restriction the process must have Set Attribute permission and the keyring must not be previously restricted. + One application of restricted keyrings is to verify X.509 certificate + chains or individual certificate signatures using the asymmetric key type. + See Documentation/crypto/asymmetric-keys.txt for specific restrictions + applicable to the asymmetric key type. + + Kernel Services =============== |