aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation/security
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2012-04-25 12:46:50 -0400
committerJeff Layton <jlayton@redhat.com>2012-04-25 12:46:50 -0400
commita05a4830a32ef9f89e7bd372a7bae9b96b1ac266 (patch)
tree04e3383340b422753f0db87cad61919ce54335fa /Documentation/security
parentaf3a3ab2966112c0d0a44df7eeb1e95fe32d4495 (diff)
keys: update the documentation with info about "logon" keys
Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Jeff Layton <jlayton@redhat.com>
Diffstat (limited to 'Documentation/security')
-rw-r--r--Documentation/security/keys.txt14
1 files changed, 13 insertions, 1 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 787717091421..d389acd31e19 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW
123 123
124The key service provides a number of features besides keys: 124The key service provides a number of features besides keys:
125 125
126 (*) The key service defines two special key types: 126 (*) The key service defines three special key types:
127 127
128 (+) "keyring" 128 (+) "keyring"
129 129
@@ -137,6 +137,18 @@ The key service provides a number of features besides keys:
137 blobs of data. These can be created, updated and read by userspace, 137 blobs of data. These can be created, updated and read by userspace,
138 and aren't intended for use by kernel services. 138 and aren't intended for use by kernel services.
139 139
140 (+) "logon"
141
142 Like a "user" key, a "logon" key has a payload that is an arbitrary
143 blob of data. It is intended as a place to store secrets which are
144 accessible to the kernel but not to userspace programs.
145
146 The description can be arbitrary, but must be prefixed with a non-zero
147 length string that describes the key "subclass". The subclass is
148 separated from the rest of the description by a ':'. "logon" keys can
149 be created and updated from userspace, but the payload is only
150 readable from kernel space.
151
140 (*) Each process subscribes to three keyrings: a thread-specific keyring, a 152 (*) Each process subscribes to three keyrings: a thread-specific keyring, a
141 process-specific keyring, and a session-specific keyring. 153 process-specific keyring, and a session-specific keyring.
142 154