1 files changed, 38 insertions, 1 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt
index b56aacc1fff8..e4dbbdb1bd96 100644
--- a/Documentation/keys.txt
+++ b/Documentation/keys.txt
@@ -26,7 +26,7 @@ This document has the following sections:
        - Notes on accessing payload contents
        - Defining a key type
        - Request-key callback service
-        - Key access filesystem
+        - Garbage collection
 ============
@@ -113,6 +113,9 @@ Each key has a number of attributes:
     (*) Dead. The key's type was unregistered, and so the key is now useless.
+Keys in the last three states are subject to garbage collection.  See the
+section on "Garbage collection".
 ====================
 KEY SERVICE OVERVIEW
@@ -754,6 +757,26 @@ The keyctl syscall functions are:
     successful.
+ (*) Install the calling process's session keyring on its parent.
+        long keyctl(KEYCTL_SESSION_TO_PARENT);
+     This functions attempts to install the calling process's session keyring
+     on to the calling process's parent, replacing the parent's current session
+     keyring.
+     The calling process must have the same ownership as its parent, the
+     keyring must have the same ownership as the calling process, the calling
+     process must have LINK permission on the keyring and the active LSM module
+     mustn't deny permission, otherwise error EPERM will be returned.
+     Error ENOMEM will be returned if there was insufficient memory to complete
+     the operation, otherwise 0 will be returned to indicate success.
+     The keyring will be replaced next time the parent process leaves the
+     kernel and resumes executing userspace.
 ===============
 KERNEL SERVICES
 ===============
@@ -1231,3 +1254,17 @@ by executing:
 In this case, the program isn't required to actually attach the key to a ring;
 the rings are provided for reference.
+==================
+GARBAGE COLLECTION
+==================
+Dead keys (for which the type has been removed) will be automatically unlinked
+from those keyrings that point to them and deleted as soon as possible by a
+background garbage collector.
+Similarly, revoked and expired keys will be garbage collected, but only after a
+certain amount of time has passed.  This time is set as a number of seconds in:
+        /proc/sys/kernel/keys/gc_delay

diff --git a/Documentation/keys.txt b/Documentation/keys.txt index b56aacc1fff8..e4dbbdb1bd96 100644 --- a/Documentation/keys.txt +++ b/Documentation/keys.txt
@@ -26,7 +26,7 @@ This document has the following sections:
26	- Notes on accessing payload contents	26	- Notes on accessing payload contents
27	- Defining a key type	27	- Defining a key type
28	- Request-key callback service	28	- Request-key callback service
29	- Key access filesystem	29	- Garbage collection
30		30
31		31
32	============	32	============
@@ -113,6 +113,9 @@ Each key has a number of attributes:
113		113
114	(*) Dead. The key's type was unregistered, and so the key is now useless.	114	(*) Dead. The key's type was unregistered, and so the key is now useless.
115		115
		116	Keys in the last three states are subject to garbage collection. See the
		117	section on "Garbage collection".
		118
116		119
117	====================	120	====================
118	KEY SERVICE OVERVIEW	121	KEY SERVICE OVERVIEW
@@ -754,6 +757,26 @@ The keyctl syscall functions are:
754	successful.	757	successful.
755		758
756		759
		760	(*) Install the calling process's session keyring on its parent.
		761
		762	long keyctl(KEYCTL_SESSION_TO_PARENT);
		763
		764	This functions attempts to install the calling process's session keyring
		765	on to the calling process's parent, replacing the parent's current session
		766	keyring.
		767
		768	The calling process must have the same ownership as its parent, the
		769	keyring must have the same ownership as the calling process, the calling
		770	process must have LINK permission on the keyring and the active LSM module
		771	mustn't deny permission, otherwise error EPERM will be returned.
		772
		773	Error ENOMEM will be returned if there was insufficient memory to complete
		774	the operation, otherwise 0 will be returned to indicate success.
		775
		776	The keyring will be replaced next time the parent process leaves the
		777	kernel and resumes executing userspace.
		778
		779
757	===============	780	===============
758	KERNEL SERVICES	781	KERNEL SERVICES
759	===============	782	===============
@@ -1231,3 +1254,17 @@ by executing:
1231		1254
1232	In this case, the program isn't required to actually attach the key to a ring;	1255	In this case, the program isn't required to actually attach the key to a ring;
1233	the rings are provided for reference.	1256	the rings are provided for reference.
		1257
		1258
		1259	==================
		1260	GARBAGE COLLECTION
		1261	==================
		1262
		1263	Dead keys (for which the type has been removed) will be automatically unlinked
		1264	from those keyrings that point to them and deleted as soon as possible by a
		1265	background garbage collector.
		1266
		1267	Similarly, revoked and expired keys will be garbage collected, but only after a
		1268	certain amount of time has passed. This time is set as a number of seconds in:
		1269
		1270	/proc/sys/kernel/keys/gc_delay