KEYS: prevent keys from being removed from specified keyrings - linux-dev - Linux kernel development work

diff options

author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2015-11-10 08:34:46 -0500
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2015-12-15 10:01:43 -0500
commit	d3600bcf9d64d88dc1d189a754dcfab960ce751f (patch)
tree	0db5cee0ddb99cfe1cbd7f8314653f36ddf5005f /security/integrity/ima/ima_mok.c
parent	IMA: allow reading back the current IMA policy (diff)
download	linux-dev-d3600bcf9d64d88dc1d189a754dcfab960ce751f.tar.xz linux-dev-d3600bcf9d64d88dc1d189a754dcfab960ce751f.zip

KEYS: prevent keys from being removed from specified keyrings

Userspace should not be allowed to remove keys from certain keyrings (eg. blacklist), though the keys themselves can expire. This patch defines a new key flag named KEY_FLAG_KEEP to prevent userspace from being able to unlink, revoke, invalidate or timed out a key on a keyring. When this flag is set on the keyring, all keys subsequently added are flagged. In addition, when this flag is set, the keyring itself can not be cleared. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: David Howells <dhowells@redhat.com>

Diffstat (limited to '')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: