author: James Morris <jmorris@namei.org> 2012-02-09 07:02:34 +0100
committer: James Morris <jmorris@namei.org> 2012-02-09 07:02:34 +0100
commit: 9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c
tree: 2750d9fc94b8fb78d9982ea4a62d586e7f0a7862 /Documentation
parent: Merge branch 'linus-master'; commit 'v3.3-rc3' into next
parent: ima: policy for RAMFS
Merge branch 'next-queue' into next
Diffstat (limited to 'Documentation')
-rw-r--r-- Documentation/networking/dns_resolver.txt 4
-rw-r--r-- Documentation/security/keys.txt 4
2 files changed, 8 insertions, 0 deletions
diff --git a/Documentation/networking/dns_resolver.txt b/Documentation/networking/dns_resolver.txt
index 7f531ad83285..d86adcdae420 100644
--- a/Documentation/networking/dns_resolver.txt
+++ b/Documentation/networking/dns_resolver.txt
@@ -102,6 +102,10 @@ implemented in the module can be called after doing:
If _expiry is non-NULL, the expiry time (TTL) of the result will be
returned also.
+The kernel maintains an internal keyring in which it caches looked up keys.
+This can be cleared by any process that has the CAP_SYS_ADMIN capability by
+the use of KEYCTL_KEYRING_CLEAR on the keyring ID.
+
===============================
READING DNS KEYS FROM USERSPACE
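Review bot: The added paragraph in dns_resolver.txt says to use KEYCTL_KEYRING_CLEAR "on the keyring ID" but never names the internal keyring or says how a process finds that ID, so the instruction cannot be followed from this file alone. Suggest naming the keyring, stating where its ID can be looked up, and pointing to the KEYCTL_KEYRING_CLEAR entry in Documentation/security/keys.txt for the permission rules. Minor: "looked up keys" reads better as "looked-up keys".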
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 4d75931d2d79..713ec232c562 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -554,6 +554,10 @@ The keyctl syscall functions are:
process must have write permission on the keyring, and it must be a
keyring (or else error ENOTDIR will result).
+ This function can also be used to clear special kernel keyrings if they
+ are appropriately marked if the user has CAP_SYS_ADMIN capability. The
+ DNS resolver cache keyring is an example of this.
+
(*) Link a key into a keyring:
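Review bot: The added sentence in the keyring-clear entry of keys.txt leaves the permission model ambiguous: the context just above says the process must have write permission on the keyring, and the new text does not say whether CAP_SYS_ADMIN replaces that write permission or is required in addition to it. It also says "appropriately marked" without naming the marking, and switches from "process" to "user" for the holder of the capability. Suggest wording along the lines of "This function can also be used to clear special kernel keyrings that are appropriately marked, provided the calling process has the CAP_SYS_ADMIN capability", followed by one sentence on how this interacts with the write-permission check; that also removes the doubled "if ... if".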