aboutsummaryrefslogtreecommitdiffstats
path: root/net/dns_resolver
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2012-01-18 10:31:45 -0500
committerJames Morris <jmorris@namei.org>2012-01-18 22:38:51 -0500
commit700920eb5ba4de5417b446c9a8bb008df2b973e0 (patch)
tree8e2caa32a5cdcd47347ff84bc3e95915d000f537 /net/dns_resolver
parent53999bf34d55981328f8ba9def558d3e104d6e36 (diff)
KEYS: Allow special keyrings to be cleared
The kernel contains some special internal keyrings, for instance the DNS resolver keyring : 2a93faf1 I----- 1 perm 1f030000 0 0 keyring .dns_resolver: empty It would occasionally be useful to allow the contents of such keyrings to be flushed by root (cache invalidation). Allow a flag to be set on a keyring to mark that someone possessing the sysadmin capability can clear the keyring, even without normal write access to the keyring. Set this flag on the special keyrings created by the DNS resolver, the NFS identity mapper and the CIFS identity mapper. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve Dickson <steved@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'net/dns_resolver')
-rw-r--r--net/dns_resolver/dns_key.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c
index fa000d26dc6..c73bba326d7 100644
--- a/net/dns_resolver/dns_key.c
+++ b/net/dns_resolver/dns_key.c
@@ -281,6 +281,7 @@ static int __init init_dns_resolver(void)
281 281
282 /* instruct request_key() to use this special keyring as a cache for 282 /* instruct request_key() to use this special keyring as a cache for
283 * the results it looks up */ 283 * the results it looks up */
284 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
284 cred->thread_keyring = keyring; 285 cred->thread_keyring = keyring;
285 cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; 286 cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
286 dns_resolver_cache = cred; 287 dns_resolver_cache = cred;