mirror of https://github.com/mkerrisk/man-pages
keyctl.2: Clarify permission rules for KEYCTL_SETPERM
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 59d33fb6c1
commit 6e810113f1
|
@ -323,15 +323,19 @@ to the permissions provided in the
|
|||
argument (cast to
|
||||
.IR key_perm_t ).
|
||||
|
||||
The key must grant
|
||||
.I setattr
|
||||
permission to the caller.
|
||||
|
||||
If the caller doesn't have the
|
||||
.B CAP_SYS_ADMIN
|
||||
capability, it can change permissions only for the keys it owns.
|
||||
(More precisely: the caller's filesystem UID must match the UID of the key.)
|
||||
|
||||
The key must grant
|
||||
.I setattr
|
||||
permission to the caller
|
||||
.IR regardless
|
||||
of the caller's capabilities.
|
||||
.\" FIXME Above, is it really intended that a privileged process can't
|
||||
.\" override the lack of the 'setattr' permission?
|
||||
|
||||
The permissions in
|
||||
.IR arg3
|
||||
specify masks of available operations
|
||||
|
|
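Review bot: The FIXME comment following "of the caller's capabilities." asks whether a privileged process is really meant to be unable to override a missing setattr permission, while the sentence directly above it already states that rule to readers without qualification. Because the roff comment is invisible in the rendered page, consider confirming the intent and resolving the FIXME, or recording the open question in the commit message so it is not lost. Two smaller points: `.IR regardless` takes a single argument, so `.I regardless` would match the `.I setattr` line just above it; and "only for the keys it owns" is immediately refined by the "More precisely" parenthesis, so stating the filesystem-UID rule directly would be tighter.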