* [PATCH] keys: update the documentation with info about "logon" keys
@ 2012-04-03 18:34 Jeff Layton
0 siblings, 0 replies; only message in thread
From: Jeff Layton @ 2012-04-03 18:34 UTC (permalink / raw)
To: dhowells; +Cc: keyrings, linux-security-module, zohar, linux-kernel
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
Documentation/security/keys.txt | 14 +++++++++++++-
1 files changed, 13 insertions(+), 1 deletions(-)
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 7877170..1f5517a 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW
The key service provides a number of features besides keys:
- (*) The key service defines two special key types:
+ (*) The key service defines three special key types:
(+) "keyring"
@@ -137,6 +137,18 @@ The key service provides a number of features besides keys:
blobs of data. These can be created, updated and read by userspace,
and aren't intended for use by kernel services.
+ (+) "logon"
+
+ Like a "user" key, a "logon" key has a payload that is an arbitrary
+ blob of data. It is intended as a place to store secrets which are
+ accessible to the kernel but not to userspace programs.
+
+ The description can be arbitrary, but must be prefixed with a non-zero
+ length string that describes the key "subclass". The subclass is
+ separated from the rest of the description by a ':'. "logon" keys can
+ be created and updated from userspace, but the payload is only
+ readable from kernel space.
+
(*) Each process subscribes to three keyrings: a thread-specific keyring, a
process-specific keyring, and a session-specific keyring.
--
1.7.7.6
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2012-04-03 18:34 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-04-03 18:34 [PATCH] keys: update the documentation with info about "logon" keys Jeff Layton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).