Re: [PATCH] KEYS: Allow special keyrings to be cleared

From: Trond Myklebust
Date: Fri Nov 11 2011 - 17:42:03 EST

Next message: NamJae Jeon: "Re: [PATCH] efi: add option for MSR partition."
Previous message: Udo Steinberg: "i915 screen corruption"
In reply to: David Howells: "[PATCH] KEYS: Allow special keyrings to be cleared"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2011-11-11 at 16:07 +0000, David Howells wrote:
> The kernel contains some special internal keyrings, for instance the DNS
> resolver keyring :
>
> 2a93faf1 I----- 1 perm 1f030000 0 0 keyring .dns_resolver: empty
>
> It would occasionally be useful to allow the contents of such keyrings to be
> flushed by root (cache invalidation).
>
> Allow a flag to be set on a keyring to mark that someone possessing the
> sysadmin capability can clear the keyring, even without normal write access to
> the keyring.
>
> Set this flag on the special keyrings created by the DNS resolver, the NFS
> identity mapper and the CIFS identity mapper.
>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> Acked-by: Jeff Layton <jlayton@xxxxxxxxxx>
> Acked-by: Steve Dickson <steved@xxxxxxxxxx>
Acked-by: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx>

--
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@xxxxxxxxxx
www.netapp.com

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: NamJae Jeon: "Re: [PATCH] efi: add option for MSR partition."
Previous message: Udo Steinberg: "i915 screen corruption"
In reply to: David Howells: "[PATCH] KEYS: Allow special keyrings to be cleared"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]