git.baikalelectronics.ru Git - kernel.git/commit
KEYS: prevent keys from being removed from specified keyrings
author Mimi Zohar <zohar@linux.vnet.ibm.com>
Tue, 10 Nov 2015 13:34:46 +0000 (08:34 -0500)
committer Mimi Zohar <zohar@linux.vnet.ibm.com>
Tue, 15 Dec 2015 15:01:43 +0000 (10:01 -0500)
commit 542199d2bb40dcb3877dd795f3e4a36136e62c91
tree 0db5cee0ddb99cfe1cbd7f8314653f36ddf5005f
parent 1b213a37fb5eb86984e84734b1a3cb2284995d08
KEYS: prevent keys from being removed from specified keyrings

Userspace should not be allowed to remove keys from certain keyrings
(e.g. blacklist), though the keys themselves can expire.

This patch defines a new key flag named KEY_FLAG_KEEP to prevent
userspace from being able to unlink, revoke, invalidate or time
out a key on a keyring.  When this flag is set on the keyring, all
keys subsequently added are flagged.

In addition, when this flag is set, the keyring itself cannot be
cleared.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Howells <dhowells@redhat.com>
include/linux/key.h
security/keys/key.c
security/keys/keyctl.c
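
The semantics the commit message describes, as an added userspace model that is not the kernel code from this commit: the flag propagates only to keys linked after it is set, userspace-style operations are refused, and expiry still takes effect. The struct layout, function names, the bit value of the flag, the `-EPERM`/`-ENOSPC`/`-ENOENT` return values and the rule that unlink is refused only when both keyring and key carry the flag are assumptions of this sketch.

```c
/* Added illustration: userspace model of the KEY_FLAG_KEEP behaviour described
 * in the commit message. Not kernel code; names and errno values are assumed. */
#include <errno.h>
#include <stdio.h>

#define KEY_FLAG_KEEP (1u << 0) /* flag name from the commit; bit value constructed */
#define MAX_KEYS 8

struct key { unsigned flags; long expiry; int revoked; };
struct keyring { unsigned flags; struct key *keys[MAX_KEYS]; int nkeys; };

/* Linking into a KEEP keyring flags the key; keys linked earlier stay unflagged. */
int keyring_link(struct keyring *r, struct key *k) {
    if (r->nkeys == MAX_KEYS) return -ENOSPC;
    if (r->flags & KEY_FLAG_KEEP) k->flags |= KEY_FLAG_KEEP;
    r->keys[r->nkeys++] = k;
    return 0;
}
/* Userspace-triggered operations that the flag refuses. */
int key_revoke(struct key *k) {
    if (k->flags & KEY_FLAG_KEEP) return -EPERM;
    k->revoked = 1;
    return 0;
}
int key_set_timeout(struct key *k, long when) {
    if (k->flags & KEY_FLAG_KEEP) return -EPERM;
    k->expiry = when;
    return 0;
}
int keyring_unlink(struct keyring *r, struct key *k) {
    if ((r->flags & KEY_FLAG_KEEP) && (k->flags & KEY_FLAG_KEEP)) return -EPERM;
    for (int i = 0; i < r->nkeys; i++)
        if (r->keys[i] == k) { r->keys[i] = r->keys[--r->nkeys]; return 0; }
    return -ENOENT;
}
int keyring_clear(struct keyring *r) {
    if (r->flags & KEY_FLAG_KEEP) return -EPERM;
    r->nkeys = 0;
    return 0;
}
/* Expiry is not a userspace removal: a flagged key past its expiry is dead. */
int key_is_live(const struct key *k, long now) {
    return !k->revoked && (k->expiry == 0 || now < k->expiry);
}
int main(void) {
    struct keyring bl = { .flags = KEY_FLAG_KEEP }; /* constructed sample keyring */
    struct key k = { .expiry = 100 };               /* expiry set before linking */
    keyring_link(&bl, &k);
    printf("unlink=%d clear=%d live@50=%d live@200=%d\n", keyring_unlink(&bl, &k),
           keyring_clear(&bl), key_is_live(&k, 50), key_is_live(&k, 200));
    return 0;
}
```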