1
linux/security/keys
David Howells 700920eb5b KEYS: Allow special keyrings to be cleared
The kernel contains some special internal keyrings, for instance the DNS
resolver keyring :

2a93faf1 I-----     1 perm 1f030000     0     0 keyring   .dns_resolver: empty

It would occasionally be useful to allow the contents of such keyrings to be
flushed by root (cache invalidation).

Allow a flag to be set on a keyring to mark that someone possessing the
sysadmin capability can clear the keyring, even without normal write access to
the keyring.

Set this flag on the special keyrings created by the DNS resolver, the NFS
identity mapper and the CIFS identity mapper.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2012-01-19 14:38:51 +11:00
..
encrypted-keys encrypted-keys: module build fixes 2011-11-16 14:23:14 -05:00
compat.c Cross Memory Attach 2011-10-31 17:30:44 -07:00
gc.c KEYS: Correctly destroy key payloads when their keytype is removed 2011-08-23 09:57:37 +10:00
internal.h KEYS: Correctly destroy key payloads when their keytype is removed 2011-08-23 09:57:37 +10:00
key.c KEYS: Give key types their own lockdep class for key->sem 2011-11-17 09:35:32 +11:00
keyctl.c KEYS: Allow special keyrings to be cleared 2012-01-19 14:38:51 +11:00
keyring.c KEYS: __key_link() should use the RCU deref wrapper for keyring payloads 2011-08-23 09:57:34 +10:00
Makefile encrypted-keys: create encrypted-keys directory 2011-09-14 15:22:26 -04:00
permission.c KEYS: Fix up comments in key management code 2011-01-21 14:59:30 -08:00
proc.c KEYS: Improve /proc/keys 2011-03-17 11:59:32 +11:00
process_keys.c KEYS: keyctl_get_keyring_ID() should create a session keyring if create flag set 2011-08-23 09:57:34 +10:00
request_key_auth.c KEYS: Don't return EAGAIN to keyctl_assume_authority() 2011-06-14 15:03:29 +10:00
request_key.c KEYS: Fix error handling in construct_key_and_link() 2011-06-21 18:31:45 -07:00
sysctl.c
trusted.c security: follow rename pack_hex_byte() to hex_byte_pack() 2011-10-31 17:30:56 -07:00
trusted.h trusted-keys: rename trusted_defined files to trusted 2011-01-24 10:14:22 +11:00
user_defined.c KEYS: Fix a NULL pointer deref in the user-defined key type 2011-11-15 22:32:38 -02:00