summaryrefslogtreecommitdiffstats
path: root/Documentation/security
diff options
context:
space:
mode:
authorJames Morris <james.l.morris@oracle.com>2012-05-04 12:46:40 +1000
committerJames Morris <james.l.morris@oracle.com>2012-05-04 12:46:40 +1000
commit898bfc1d46bd76f8ea2a0fbd239dd2073efe2aa3 (patch)
treee6e666085abe674dbf6292555961fe0a0f2e2d2f /Documentation/security
parent08162e6a23d476544adfe1164afe9ea8b34ab859 (diff)
parent69964ea4c7b68c9399f7977aa5b9aa6539a6a98a (diff)
downloadlinux-898bfc1d46bd76f8ea2a0fbd239dd2073efe2aa3.tar.bz2
Merge tag 'v3.4-rc5' into next
Linux 3.4-rc5 Merge to pull in prerequisite change for Smack: 86812bb0de1a3758dc6c7aa01a763158a7c0638a Requested by Casey.
Diffstat (limited to 'Documentation/security')
-rw-r--r--Documentation/security/keys.txt14
1 files changed, 13 insertions, 1 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 787717091421..d389acd31e19 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW
The key service provides a number of features besides keys:
- (*) The key service defines two special key types:
+ (*) The key service defines three special key types:
(+) "keyring"
@@ -137,6 +137,18 @@ The key service provides a number of features besides keys:
blobs of data. These can be created, updated and read by userspace,
and aren't intended for use by kernel services.
+ (+) "logon"
+
+ Like a "user" key, a "logon" key has a payload that is an arbitrary
+ blob of data. It is intended as a place to store secrets which are
+ accessible to the kernel but not to userspace programs.
+
+ The description can be arbitrary, but must be prefixed with a non-zero
+ length string that describes the key "subclass". The subclass is
+ separated from the rest of the description by a ':'. "logon" keys can
+ be created and updated from userspace, but the payload is only
+ readable from kernel space.
+
(*) Each process subscribes to three keyrings: a thread-specific keyring, a
process-specific keyring, and a session-specific keyring.