linux-hardened/Documentation/security
David Howells 700920eb5b KEYS: Allow special keyrings to be cleared
The kernel contains some special internal keyrings, for instance the DNS
resolver keyring :

2a93faf1 I-----     1 perm 1f030000     0     0 keyring   .dns_resolver: empty

It would occasionally be useful to allow the contents of such keyrings to be
flushed by root (cache invalidation).

Allow a flag to be set on a keyring to mark that someone possessing the
sysadmin capability can clear the keyring, even without normal write access to
the keyring.

Set this flag on the special keyrings created by the DNS resolver, the NFS
identity mapper and the CIFS identity mapper.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2012-01-19 14:38:51 +11:00
..
00-INDEX Documentation: clarify the purpose of LSMs 2011-11-16 12:37:27 +11:00
apparmor.txt
credentials.txt Documentation: clarify the purpose of LSMs 2011-11-16 12:37:27 +11:00
keys-ecryptfs.txt encrypted-keys: move ecryptfs documentation to proper location 2011-06-30 19:08:14 +10:00
keys-request-key.txt
keys-trusted-encrypted.txt doc: fix broken references 2011-09-27 18:08:04 +02:00
keys.txt KEYS: Allow special keyrings to be cleared 2012-01-19 14:38:51 +11:00
LSM.txt Documentation: clarify the purpose of LSMs 2011-11-16 12:37:27 +11:00
SELinux.txt
Smack.txt
tomoyo.txt