git.baikalelectronics.ru Git - kernel.git/commit
KEYS: Allow special keyrings to be cleared
author David Howells <dhowells@redhat.com>
Wed, 18 Jan 2012 15:31:45 +0000 (15:31 +0000)
committer James Morris <jmorris@namei.org>
Thu, 19 Jan 2012 03:38:51 +0000 (14:38 +1100)
commit 84f4edc4244e919dade97fb61fbe1c546f9e2faf
tree 8e2caa32a5cdcd47347ff84bc3e95915d000f537
parent ee571f971f0d9e0fbe904003c10900729ce784e9
KEYS: Allow special keyrings to be cleared

The kernel contains some special internal keyrings, for instance the DNS
resolver keyring:

2a93faf1 I-----     1 perm 1f030000     0     0 keyring   .dns_resolver: empty

It would occasionally be useful to allow the contents of such keyrings to be
flushed by root (cache invalidation).

Allow a flag to be set on a keyring to mark that someone possessing the
sysadmin capability can clear the keyring, even without normal write access to
the keyring.

Set this flag on the special keyrings created by the DNS resolver, the NFS
identity mapper and the CIFS identity mapper.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Documentation/networking/dns_resolver.txt
Documentation/security/keys.txt
fs/cifs/cifsacl.c
fs/nfs/idmap.c
include/linux/key.h
net/dns_resolver/dns_key.c
security/keys/keyctl.c
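
Decoding the `/proc/keys` line quoted in the commit message shows why the change was needed: the mask `1f030000` gives the owning user (uid 0) only view and read, so root has no write access with which to clear the keyring. This is an added example, not code from the commit; `can_clear` and its `admin_clearable` parameter are a hypothetical model of the rule the message describes, and possession of the keyring is not modelled.

```python
import re

# Per-class permission bits; the 32-bit mask holds one byte per class.
PERM_BITS = [(0x01, "view"), (0x02, "read"), (0x04, "write"),
             (0x08, "search"), (0x10, "link"), (0x20, "setattr")]
CLASSES = ["possessor", "user", "group", "other"]  # high byte first

LINE_RE = re.compile(
    r"^(?P<serial>[0-9a-f]{8})\s+(?P<flags>\S+)\s+(?P<usage>\d+)\s+"
    r"(?P<timeout>\S+)\s+(?P<perm>[0-9a-f]{8})\s+(?P<uid>-?\d+)\s+"
    r"(?P<gid>-?\d+)\s+(?P<type>\S+)\s+(?P<desc>.*)$")

# The line quoted in the commit message.
SAMPLE = "2a93faf1 I-----     1 perm 1f030000     0     0 keyring   .dns_resolver: empty"

def parse_keys_line(line):
    """Parse one /proc/keys line and decode its permission mask."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not a /proc/keys line: %r" % line)
    mask = int(m["perm"], 16)
    perms = {}
    for i, cls in enumerate(CLASSES):
        byte = (mask >> (24 - 8 * i)) & 0xFF
        perms[cls] = [name for bit, name in PERM_BITS if byte & bit]
    return {"serial": int(m["serial"], 16), "type": m["type"],
            "name": m["desc"].split(":", 1)[0],
            "uid": int(m["uid"]), "gid": int(m["gid"]), "perms": perms}

def can_clear(entry, uid, gid, has_sysadmin=False, admin_clearable=False):
    """Model of the clear check for a caller that does not possess the keyring.

    admin_clearable is a hypothetical stand-in for the per-keyring flag the
    commit message describes; /proc/keys output does not show it.
    """
    if uid == entry["uid"]:
        cls = "user"
    elif gid == entry["gid"]:
        cls = "group"
    else:
        cls = "other"
    if "write" in entry["perms"][cls]:
        return True  # normal write access is still sufficient
    return admin_clearable and has_sysadmin  # the override the commit adds

if __name__ == "__main__":
    e = parse_keys_line(SAMPLE)
    print(e["name"], e["perms"])
    print("root, no flag:", can_clear(e, 0, 0, has_sysadmin=True))
    print("root, flag set:", can_clear(e, 0, 0, True, True))
```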