|author||Jeff Layton <firstname.lastname@example.org>||2012-04-25 12:46:50 -0400|
|committer||Jeff Layton <email@example.com>||2012-04-25 12:46:50 -0400|
|parent||Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-fixes (diff)|
keys: update the documentation with info about "logon" keys
Acked-by: David Howells <firstname.lastname@example.org> Signed-off-by: Jeff Layton <email@example.com>
Diffstat (limited to 'Documentation/security/keys.txt')
1 files changed, 13 insertions, 1 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 787717091421..d389acd31e19 100644
@@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW
The key service provides a number of features besides keys:
- (*) The key service defines two special key types:
+ (*) The key service defines three special key types:
@@ -137,6 +137,18 @@ The key service provides a number of features besides keys:
blobs of data. These can be created, updated and read by userspace,
and aren't intended for use by kernel services.
+ (+) "logon"
+ Like a "user" key, a "logon" key has a payload that is an arbitrary
+ blob of data. It is intended as a place to store secrets which are
+ accessible to the kernel but not to userspace programs.
+ The description can be arbitrary, but must be prefixed with a non-zero
+ length string that describes the key "subclass". The subclass is
+ separated from the rest of the description by a ':'. "logon" keys can
+ be created and updated from userspace, but the payload is only
+ readable from kernel space.
(*) Each process subscribes to three keyrings: a thread-specific keyring, a
process-specific keyring, and a session-specific keyring.