X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=Documentation%2Fkeys.txt;h=6304db59bfe45619c198494c54705b8f5610a585;hb=f9a204e1de73a7007de66fb289e1d64a7665c9b4;hp=4afe03a58c5ba912d6977d38a76314fe34d7bf66;hpb=38a9a621aba953ddb8051547e98c10ec3c741312;p=linux-2.6 diff --git a/Documentation/keys.txt b/Documentation/keys.txt index 4afe03a58c..6304db59bf 100644 --- a/Documentation/keys.txt +++ b/Documentation/keys.txt @@ -196,7 +196,7 @@ KEY ACCESS PERMISSIONS Keys have an owner user ID, a group access ID, and a permissions mask. The mask has up to eight bits each for possessor, user, group and other access. Only -five of each set of eight bits are defined. These permissions granted are: +six of each set of eight bits are defined. These permissions granted are: (*) View @@ -224,6 +224,10 @@ five of each set of eight bits are defined. These permissions granted are: keyring to a key, a process must have Write permission on the keyring and Link permission on the key. + (*) Set Attribute + + This permits a key's UID, GID and permissions mask to be changed. + For changing the ownership, group ID or permissions mask, being the owner of the key or having the sysadmin capability is sufficient. @@ -242,15 +246,15 @@ about the status of the key service: this way: SERIAL FLAGS USAGE EXPY PERM UID GID TYPE DESCRIPTION: SUMMARY - 00000001 I----- 39 perm 1f1f0000 0 0 keyring _uid_ses.0: 1/4 - 00000002 I----- 2 perm 1f1f0000 0 0 keyring _uid.0: empty - 00000007 I----- 1 perm 1f1f0000 0 0 keyring _pid.1: empty - 0000018d I----- 1 perm 1f1f0000 0 0 keyring _pid.412: empty - 000004d2 I--Q-- 1 perm 1f1f0000 32 -1 keyring _uid.32: 1/4 - 000004d3 I--Q-- 3 perm 1f1f0000 32 -1 keyring _uid_ses.32: empty + 00000001 I----- 39 perm 1f3f0000 0 0 keyring _uid_ses.0: 1/4 + 00000002 I----- 2 perm 1f3f0000 0 0 keyring _uid.0: empty + 00000007 I----- 1 perm 1f3f0000 0 0 keyring _pid.1: empty + 0000018d I----- 1 perm 1f3f0000 0 0 keyring _pid.412: empty + 000004d2 I--Q-- 1 perm 1f3f0000 32 -1 keyring _uid.32: 1/4 + 000004d3 I--Q-- 3 perm 1f3f0000 32 -1 keyring _uid_ses.32: empty 00000892 I--QU- 1 perm 1f000000 0 0 user metal:copper: 0 - 00000893 I--Q-N 1 35s 1f1f0000 0 0 user metal:silver: 0 - 00000894 I--Q-- 1 10h 001f0000 0 0 user metal:gold: 0 + 00000893 I--Q-N 1 35s 1f3f0000 0 0 user metal:silver: 0 + 00000894 I--Q-- 1 10h 003f0000 0 0 user metal:gold: 0 The flags are: @@ -856,24 +860,6 @@ The structure has a number of fields, some of which are mandatory: It is safe to sleep in this method. - (*) int (*duplicate)(struct key *key, const struct key *source); - - If this type of key can be duplicated, then this method should be - provided. It is called to copy the payload attached to the source into the - new key. The data length on the new key will have been updated and the - quota adjusted already. - - This method will be called with the source key's semaphore read-locked to - prevent its payload from being changed, thus RCU constraints need not be - applied to the source key. - - This method does not have to lock the destination key in order to attach a - payload. The fact that KEY_FLAG_INSTANTIATED is not set in key->flags - prevents anything else from gaining access to the key. - - It is safe to sleep in this method. - - (*) int (*update)(struct key *key, const void *data, size_t datalen); If this type of key can be updated, then this method should be provided.