From a05a4830a32ef9f89e7bd372a7bae9b96b1ac266 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Wed, 25 Apr 2012 12:46:50 -0400 Subject: keys: update the documentation with info about "logon" keys Acked-by: David Howells Signed-off-by: Jeff Layton --- Documentation/security/keys.txt | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'Documentation/security/keys.txt') diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt index 787717091421..d389acd31e19 100644 --- a/Documentation/security/keys.txt +++ b/Documentation/security/keys.txt @@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW The key service provides a number of features besides keys: - (*) The key service defines two special key types: + (*) The key service defines three special key types: (+) "keyring" @@ -137,6 +137,18 @@ The key service provides a number of features besides keys: blobs of data. These can be created, updated and read by userspace, and aren't intended for use by kernel services. + (+) "logon" + + Like a "user" key, a "logon" key has a payload that is an arbitrary + blob of data. It is intended as a place to store secrets which are + accessible to the kernel but not to userspace programs. + + The description can be arbitrary, but must be prefixed with a non-zero + length string that describes the key "subclass". The subclass is + separated from the rest of the description by a ':'. "logon" keys can + be created and updated from userspace, but the payload is only + readable from kernel space. + (*) Each process subscribes to three keyrings: a thread-specific keyring, a process-specific keyring, and a session-specific keyring. -- cgit v1.2.3-59-g8ed1b