git.kernel.dk Git - linux-2.6-block.git/commit

KEYS: Add KEYCTL_RESTRICT_KEYRING

Keyrings recently gained restrict_link capabilities that allow
individual keys to be validated prior to linking.  This functionality
was only available using internal kernel APIs.

With the KEYCTL_RESTRICT_KEYRING command existing keyrings can be
configured to check the content of keys before they are linked, and
then allow or disallow linkage of that key to the keyring.

To restrict a keyring, call:

  keyctl(KEYCTL_RESTRICT_KEYRING, key_serial_t keyring, const char *type,
         const char *restriction)

where 'type' is the name of a registered key type and 'restriction' is a
string describing how key linkage is to be restricted. The restriction
option syntax is specific to each key type.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>

author	Mat Martineau <mathew.j.martineau@linux.intel.com>
	Thu, 2 Mar 2017 00:44:09 +0000 (16:44 -0800)
committer	Mat Martineau <mathew.j.martineau@linux.intel.com>
	Tue, 4 Apr 2017 21:10:12 +0000 (14:10 -0700)
commit	6563c91fd645556c7801748f15bc727c77fcd311
tree	714a6be7606cb6646c7b182bae136ef26bc9692e	tree \| snapshot
parent	4a420896f12d2d043602f134ae18ad6be5b9d9dd	commit \| diff

Documentation/security/keys.txt		diff \| blob \| blame \| history
include/linux/key.h		diff \| blob \| blame \| history
include/uapi/linux/keyctl.h		diff \| blob \| blame \| history
security/keys/compat.c		diff \| blob \| blame \| history
security/keys/internal.h		diff \| blob \| blame \| history
security/keys/keyctl.c		diff \| blob \| blame \| history
security/keys/keyring.c		diff \| blob \| blame \| history