Re: [Keyrings] [PATCH 2/9] keys: update the description with infoabout "logon" keys

From: Mimi Zohar
Date: Wed Mar 28 2012 - 07:28:52 EST

Next message: Daniel Kurtz: "Re: [PATCH 08/13 v4] drm/i915/intel_i2c: handle zero-length writes"
Previous message: Ralf Hildebrandt: "Re: 3.3.0: "INFO: rcu_bh detected stall on CPU 3 (t=0 jiffies)""
In reply to: David Howells: "[PATCH 2/9] keys: update the description with info about "logon" keys"
Next in thread: David Howells: "Re: [PATCH 1/9] KEYS: Use the compat keyctl() syscall wrapper on Sparc64 for Sparc32 compat"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2012-03-28 at 11:46 +0100, David Howells wrote:
> From: Jeff Layton <jlayton@xxxxxxxxxx>
>
> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> ---
>
> Documentation/security/keys.txt | 15 ++++++++++++++-
> 1 files changed, 14 insertions(+), 1 deletions(-)
>
> diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
> index 7877170..4c8cf36 100644
> --- a/Documentation/security/keys.txt
> +++ b/Documentation/security/keys.txt
> @@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW
>
> The key service provides a number of features besides keys:
>
> - (*) The key service defines two special key types:
> + (*) The key service defines three special key types:
>
> (+) "keyring"
>
> @@ -137,6 +137,19 @@ The key service provides a number of features besides keys:
> blobs of data. These can be created, updated and read by userspace,
> and aren't intended for use by kernel services.
>
> + (+) "logon"
> +
> + Like a "user" key, a "logon" key has a payload that is an arbitrary
> + blob of data. It is intended as a place to store secrets that the
> + to which the kernel should have access but that should not be
> + accessable from userspace.

The last sentence is a bit awkward. Can we rephrase it a bit? Maybe
"which is accessible by the kernel, ..."?

thanks,

Mimi

> +
> + The description can be arbitrary, but must be prefixed with a non-zero
> + length string that describes the key "subclass". The subclass is
> + separated from the rest of the description by a ':'. "logon" keys can
> + be created and updated by userspace, but the payload is only readable
> + from kernel space.
> +
> (*) Each process subscribes to three keyrings: a thread-specific keyring, a
> process-specific keyring, and a session-specific keyring.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniel Kurtz: "Re: [PATCH 08/13 v4] drm/i915/intel_i2c: handle zero-length writes"
Previous message: Ralf Hildebrandt: "Re: 3.3.0: "INFO: rcu_bh detected stall on CPU 3 (t=0 jiffies)""
In reply to: David Howells: "[PATCH 2/9] keys: update the description with info about "logon" keys"
Next in thread: David Howells: "Re: [PATCH 1/9] KEYS: Use the compat keyctl() syscall wrapper on Sparc64 for Sparc32 compat"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]