1 files changed, 24 insertions, 0 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt
index eeda00f82d2c..aaa01b0e3ee9 100644
--- a/Documentation/keys.txt
+++ b/Documentation/keys.txt
@@ -308,6 +308,8 @@ process making the call:
        KEY_SPEC_USER_KEYRING           -4      UID-specific keyring
        KEY_SPEC_USER_SESSION_KEYRING   -5      UID-session keyring
        KEY_SPEC_GROUP_KEYRING          -6      GID-specific keyring
+        KEY_SPEC_REQKEY_AUTH_KEY        -7      assumed request_key()
+                                                  authorisation key
 The main syscalls are:
@@ -645,6 +647,28 @@ The keyctl syscall functions are:
     or expired keys.
+ (*) Assume the authority granted to instantiate a key
+        long keyctl(KEYCTL_ASSUME_AUTHORITY, key_serial_t key);
+     This assumes or divests the authority required to instantiate the
+     specified key. Authority can only be assumed if the thread has the
+     authorisation key associated with the specified key in its keyrings
+     somewhere.
+     Once authority is assumed, searches for keys will also search the
+     requester's keyrings using the requester's security label, UID, GID and
+     groups.
+     If the requested authority is unavailable, error EPERM will be returned,
+     likewise if the authority has been revoked because the target key is
+     already instantiated.
+     If the specified key is 0, then any assumed authority will be divested.
+     The assumed authorititive key is inherited across fork and exec.
 ===============
 KERNEL SERVICES
 ===============

diff --git a/Documentation/keys.txt b/Documentation/keys.txt index eeda00f82d2c..aaa01b0e3ee9 100644 --- a/Documentation/keys.txt +++ b/Documentation/keys.txt
@@ -308,6 +308,8 @@ process making the call:
308	KEY_SPEC_USER_KEYRING -4 UID-specific keyring	308	KEY_SPEC_USER_KEYRING -4 UID-specific keyring
309	KEY_SPEC_USER_SESSION_KEYRING -5 UID-session keyring	309	KEY_SPEC_USER_SESSION_KEYRING -5 UID-session keyring
310	KEY_SPEC_GROUP_KEYRING -6 GID-specific keyring	310	KEY_SPEC_GROUP_KEYRING -6 GID-specific keyring
		311	KEY_SPEC_REQKEY_AUTH_KEY -7 assumed request_key()
		312	authorisation key
311		313
312		314
313	The main syscalls are:	315	The main syscalls are:
@@ -645,6 +647,28 @@ The keyctl syscall functions are:
645	or expired keys.	647	or expired keys.
646		648
647		649
		650	(*) Assume the authority granted to instantiate a key
		651
		652	long keyctl(KEYCTL_ASSUME_AUTHORITY, key_serial_t key);
		653
		654	This assumes or divests the authority required to instantiate the
		655	specified key. Authority can only be assumed if the thread has the
		656	authorisation key associated with the specified key in its keyrings
		657	somewhere.
		658
		659	Once authority is assumed, searches for keys will also search the
		660	requester's keyrings using the requester's security label, UID, GID and
		661	groups.
		662
		663	If the requested authority is unavailable, error EPERM will be returned,
		664	likewise if the authority has been revoked because the target key is
		665	already instantiated.
		666
		667	If the specified key is 0, then any assumed authority will be divested.
		668
		669	The assumed authorititive key is inherited across fork and exec.
		670
		671
648	===============	672	===============
649	KERNEL SERVICES	673	KERNEL SERVICES
650	===============	674	===============