diff options
| author | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2017-07-13 08:17:03 -0400 |
|---|---|---|
| committer | James Morris <james.l.morris@oracle.com> | 2017-07-13 21:01:38 -0400 |
| commit | 7228b66aaf723a623e578aa4db7d083bb39546c9 (patch) | |
| tree | 73b4c8eaf75430fbb7c3551d882a29bd5f6195fe /Documentation/security | |
| parent | 4f9dabfaf8df971f8a3b6aa324f8f817be38d538 (diff) | |
KEYS: Add documentation for asymmetric keyring restrictions
Provide more specific examples of keyring restrictions as applied to
X.509 signature chain verification.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'Documentation/security')
| -rw-r--r-- | Documentation/security/keys/core.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst index 0d831a7afe4f..1648fa80b3bf 100644 --- a/Documentation/security/keys/core.rst +++ b/Documentation/security/keys/core.rst | |||
| @@ -894,6 +894,12 @@ The keyctl syscall functions are: | |||
| 894 | To apply a keyring restriction the process must have Set Attribute | 894 | To apply a keyring restriction the process must have Set Attribute |
| 895 | permission and the keyring must not be previously restricted. | 895 | permission and the keyring must not be previously restricted. |
| 896 | 896 | ||
| 897 | One application of restricted keyrings is to verify X.509 certificate | ||
| 898 | chains or individual certificate signatures using the asymmetric key type. | ||
| 899 | See Documentation/crypto/asymmetric-keys.txt for specific restrictions | ||
| 900 | applicable to the asymmetric key type. | ||
| 901 | |||
| 902 | |||
| 897 | Kernel Services | 903 | Kernel Services |
| 898 | =============== | 904 | =============== |
| 899 | 905 | ||