Diffstat (limited to 'Documentation/security/keys.txt')
-rw-r--r-- | Documentation/security/keys.txt | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt index 4d75931d2d79..787717091421 100644 --- a/Documentation/security/keys.txt +++ b/Documentation/security/keys.txt | |||
@@ -554,6 +554,10 @@ The keyctl syscall functions are: | |||
554 | process must have write permission on the keyring, and it must be a | 554 | process must have write permission on the keyring, and it must be a |
555 | keyring (or else error ENOTDIR will result). | 555 | keyring (or else error ENOTDIR will result). |
556 | 556 | ||
557 | This function can also be used to clear special kernel keyrings if they | ||
558 | are appropriately marked if the user has CAP_SYS_ADMIN capability. The | ||
559 | DNS resolver cache keyring is an example of this. | ||
560 | |||
557 | 561 | ||
558 | (*) Link a key into a keyring: | 562 | (*) Link a key into a keyring: |
559 | 563 | ||
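Review bot: The new paragraph at 557-559 stacks two conditions ("if they are appropriately marked if the user has CAP_SYS_ADMIN capability") without saying how they combine or how they relate to the write-permission requirement in the sentence just above. Since this documents a privilege check, it should be unambiguous: suggest "provided they are appropriately marked and the caller has the CAP_SYS_ADMIN capability", and state explicitly whether CAP_SYS_ADMIN substitutes for write permission on such keyrings or is required in addition to it. It would also help to name what "appropriately marked" means (the flag or mechanism that marks a keyring as clearable) so a reader can tell which kernel keyrings are affected beyond the DNS resolver cache example.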
@@ -668,7 +672,7 @@ The keyctl syscall functions are: | |||
668 | 672 | ||
669 | If the kernel calls back to userspace to complete the instantiation of a | 673 | If the kernel calls back to userspace to complete the instantiation of a |
670 | key, userspace should use this call mark the key as negative before the | 674 | key, userspace should use this call mark the key as negative before the |
671 | invoked process returns if it is unable to fulfil the request. | 675 | invoked process returns if it is unable to fulfill the request. |
672 | 676 | ||
673 | The process must have write access on the key to be able to instantiate | 677 | The process must have write access on the key to be able to instantiate |
674 | it, and the key must be uninstantiated. | 678 | it, and the key must be uninstantiated. |
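Review bot: The only change in this hunk is the spelling "fulfil" to "fulfill" at line 671/675, which is unrelated to the keyring-clearing documentation added in the first hunk and would be better dropped or sent as a separate cleanup. If the sentence is being touched anyway, the line just above still reads "userspace should use this call mark the key as negative", which is missing "to" ("use this call to mark the key"); that is the actual defect in this sentence.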