KEYS: Use keyring_alloc() to create special keyrings

Use keyring_alloc() to create special keyrings now that it has a permissions parameter rather than using key_alloc() + key_instantiate_and_link(). Also document and export keyring_alloc() so that modules can use it too. Signed-off-by: David Howells <dhowells@redhat.com>
author: David Howells <dhowells@redhat.com> 2012-10-02 14:24:56 -0400
committer: David Howells <dhowells@redhat.com> 2012-10-02 14:24:56 -0400
commit: f8aa23a55f813c9bddec2a6176e0e67274e6e7c1 (patch)
tree: 1b1927cedb4f1d769fac19242f3a365c84e40cec /Documentation/security
parent: 96b5c8fea6c0861621051290d705ec2e971963f1 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index aa0dbd74b71b..a4f9125c0333 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -990,6 +990,23 @@ payload contents" for more information.
    reference pointer if successful.
+(*) A keyring can be created by:
+        struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
+                                  const struct cred *cred,
+                                  key_perm_t perm,
+                                  unsigned long flags,
+                                  struct key *dest);
+    This creates a keyring with the given attributes and returns it.  If dest
+    is not NULL, the new keyring will be linked into the keyring to which it
+    points.  No permission checks are made upon the destination keyring.
+    Error EDQUOT can be returned if the keyring would overload the quota (pass
+    KEY_ALLOC_NOT_IN_QUOTA in flags if the keyring shouldn't be accounted
+    towards the user's quota).  Error ENOMEM can also be returned.
 (*) To check the validity of a key, this function can be called:
        int validate_key(struct key *key);
author	David Howells <dhowells@redhat.com>	2012-10-02 14:24:56 -0400
committer	David Howells <dhowells@redhat.com>	2012-10-02 14:24:56 -0400
commit	f8aa23a55f813c9bddec2a6176e0e67274e6e7c1 (patch)
tree	1b1927cedb4f1d769fac19242f3a365c84e40cec /Documentation/security
parent	96b5c8fea6c0861621051290d705ec2e971963f1 (diff)

diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt index aa0dbd74b71b..a4f9125c0333 100644 --- a/Documentation/security/keys.txt +++ b/Documentation/security/keys.txt
@@ -990,6 +990,23 @@ payload contents" for more information.
990	reference pointer if successful.	990	reference pointer if successful.
991		991
992		992
		993	(*) A keyring can be created by:
		994
		995	struct key keyring_alloc(const char description, uid_t uid, gid_t gid,
		996	const struct cred *cred,
		997	key_perm_t perm,
		998	unsigned long flags,
		999	struct key *dest);
		1000
		1001	This creates a keyring with the given attributes and returns it. If dest
		1002	is not NULL, the new keyring will be linked into the keyring to which it
		1003	points. No permission checks are made upon the destination keyring.
		1004
		1005	Error EDQUOT can be returned if the keyring would overload the quota (pass
		1006	KEY_ALLOC_NOT_IN_QUOTA in flags if the keyring shouldn't be accounted
		1007	towards the user's quota). Error ENOMEM can also be returned.
		1008
		1009
993	(*) To check the validity of a key, this function can be called:	1010	(*) To check the validity of a key, this function can be called:
994		1011
995	int validate_key(struct key *key);	1012	int validate_key(struct key *key);