KEYS: Add a new keyctl op to reject a key with a specified error code

Add a new keyctl op to reject a key with a specified error code. This works much the same as negating a key, and so keyctl_negate_key() is made a special case of keyctl_reject_key(). The difference is that keyctl_negate_key() selects ENOKEY as the error to be reported. Typically the key would be rejected with EKEYEXPIRED, EKEYREVOKED or EKEYREJECTED, but this is not mandatory. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
author: David Howells <dhowells@redhat.com> 2011-03-07 10:06:09 -0500
committer: James Morris <jmorris@namei.org> 2011-03-07 19:17:18 -0500
commit: fdd1b94581782a2ddf9124414e5b7a5f48ce2f9c (patch)
tree: ce83bfd1f0b1a7d4b9521bdb3d6afef1bff1d4f2 /Documentation/keys-request-key.txt
parent: b9fffa3877a3ebbe0a5ad5a247358e2f7df15b24 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/Documentation/keys-request-key.txt b/Documentation/keys-request-key.txt
index 09b55e46174..69686ad12c6 100644
--- a/Documentation/keys-request-key.txt
+++ b/Documentation/keys-request-key.txt
@@ -127,14 +127,15 @@ This is because process A's keyrings can't simply be attached to
 of them, and (b) it requires the same UID/GID/Groups all the way through.
-======================
+====================================
-NEGATIVE INSTANTIATION
+NEGATIVE INSTANTIATION AND REJECTION
-======================
+====================================
 Rather than instantiating a key, it is possible for the possessor of an
 authorisation key to negatively instantiate a key that's under construction.
 This is a short duration placeholder that causes any attempt at re-requesting
-the key whilst it exists to fail with error ENOKEY.
+the key whilst it exists to fail with error ENOKEY if negated or the specified
+error if rejected.
 This is provided to prevent excessive repeated spawning of /sbin/request-key
 processes for a key that will never be obtainable.
author	David Howells <dhowells@redhat.com>	2011-03-07 10:06:09 -0500
committer	James Morris <jmorris@namei.org>	2011-03-07 19:17:18 -0500
commit	fdd1b94581782a2ddf9124414e5b7a5f48ce2f9c (patch)
tree	ce83bfd1f0b1a7d4b9521bdb3d6afef1bff1d4f2 /Documentation/keys-request-key.txt
parent	b9fffa3877a3ebbe0a5ad5a247358e2f7df15b24 (diff)

diff --git a/Documentation/keys-request-key.txt b/Documentation/keys-request-key.txt index 09b55e46174..69686ad12c6 100644 --- a/Documentation/keys-request-key.txt +++ b/Documentation/keys-request-key.txt
@@ -127,14 +127,15 @@ This is because process A's keyrings can't simply be attached to
127	of them, and (b) it requires the same UID/GID/Groups all the way through.	127	of them, and (b) it requires the same UID/GID/Groups all the way through.
128		128
129		129
130	======================	130	====================================
131	NEGATIVE INSTANTIATION	131	NEGATIVE INSTANTIATION AND REJECTION
132	======================	132	====================================
133		133
134	Rather than instantiating a key, it is possible for the possessor of an	134	Rather than instantiating a key, it is possible for the possessor of an
135	authorisation key to negatively instantiate a key that's under construction.	135	authorisation key to negatively instantiate a key that's under construction.
136	This is a short duration placeholder that causes any attempt at re-requesting	136	This is a short duration placeholder that causes any attempt at re-requesting
137	the key whilst it exists to fail with error ENOKEY.	137	the key whilst it exists to fail with error ENOKEY if negated or the specified
		138	error if rejected.
138		139
139	This is provided to prevent excessive repeated spawning of /sbin/request-key	140	This is provided to prevent excessive repeated spawning of /sbin/request-key
140	processes for a key that will never be obtainable.	141	processes for a key that will never be obtainable.