LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity
17,213 Commits 1 Branch 197 Tags 93 MiB
Commit Graph

58 Commits

Author SHA1 Message Date
Eugene Syromyatnikov 2bcf858070 request_key.2: Add information regarding default keyring 
Notes from Eugene:

Based on linux v4.9-rc6 (9c763584):

 * security/keys/keyctl.c, SYSCALL_DEFINE4(request_key, ...), line 158:
  * Assume that call is performed with with destringid == 0:
  * We skip check on line 196, so dest_ref remains NULL
  * On line 213, request_key_and_link is called with key_ref_to_ptr(dest_ref)
   * key_ref_to_ptr() itself just zeroes lower bit which is used for
     indication that key reference in the possession of the current
     context.
 * security/keys/request_key.c, request_key_and_link, line 508:
  * On line 543, we try to search process keyrings for the key (we
    fill ctx at hte beginning of the function and then pass it to
    search_process_keyrings)
  * If key is found (key_ref is not erroneous), we convert key_ref to
    ptr on line 546 and skip the following block on line 547 since
    dest_keyring is 0.
  * If key is not found and error is not EAGAIN, then
    construct_key_and_link is called on line 566 with dest_keyring ==
    NULL.
 * security/keys/request_key.c, construct_key_and_link, line 430:
  * On line 450, construct_get_dest_keyring is called with dest_keyring
    == NULL.
 * security/keys/request_key.c, construct_get_dest_keyring, line 253:
  * The argument here (which is pointer to pointer to struct key) is
    named _dest_keyring, but on line 257 it is dereferenced to local
    variable dest_keyring (so it stores NULL now).
  * We re going to the "else" branch (starting from line 266) of check
    on line 262
  * Now we are switching against cred->jit_keyring with the behavour
    described in the patch.
 * git grep jit_keyring security/keys reveals that it is assigned inside
   keyctl_set_reqkey_keyring, security/keys/keyctl.c, line 1257.
 * keyctl_set_reqkey_keyring is called from SYSCALL_DEFINE5(keyctl,
   ...), when option passed to keyctl is KEYCTL_SET_REQKEY_KEYRING (line
   1652).
 * Default value for jit_keyring is sort of difficult to find out, since
   it is inherited, but overall it is explicitly set to
   KEY_REQKEY_DEFL_THREAD_KEYRING or copied from zeroed-out structures
   (so it is equal to KEY_REQKEY_DEFL_DEFAULT) which leads to the same
   behaviour in case the process has not been upcalled by request_key
   construction.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:23 +01:00
Michael Kerrisk 0b617a3a9c request_key.2: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:22 +01:00
Michael Kerrisk 24fcf1d3e7 request_key.2: Tweaks to Eugene Syromyatnikov's patches 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov b58584686b request_key.2: VERSIONS: Note kernel version that added key instantiation on request 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov f70b502db6 request_key.2: Document some additional errors 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov 9b0ac3ef53 request_key.2: wfix 2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov 1bf661a0d8 request_key.2: tfix 2016-12-27 09:36:21 +01:00
Michael Kerrisk 1f39876b88 request_key.2: Minor tweaks 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:21 +01:00
Michael Kerrisk 4051799cd8 request_key.2: Remove errExit() from example program 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:21 +01:00
Michael Kerrisk 0bbcf59de2 request_key.2: Refer to keyctl(2) for another demo of the example program 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:20 +01:00
Michael Kerrisk 388adc3c19 request_key.2: Give the example program a name 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:20 +01:00
Michael Kerrisk 05705bbaf1 request_key.2: SEE ALSO: add capabilities(7) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:20 +01:00
Michael Kerrisk 442a3aeb49 request_key.2: Tweaks 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:20 +01:00
Michael Kerrisk 466c3cd80f request_key.2: srcfix: remove FIXME 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:20 +01:00
Michael Kerrisk 5685b18c27 add_key.2, keyctl.2, request_key.2, syscalls.2: Correct kernel version for keys syscalls 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:20 +01:00
Michael Kerrisk 7ea452dc16 request_key.2: Update text/remove FIXMEs after discussion with David Howells 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:19 +01:00
Michael Kerrisk 46c0179ab7 dd_key.2, keyctl.2, request_key.2: ffix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk 51b9f6c050 request_key.2: srcfix: FIXME updates 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk 8c8033b102 request_key.2: srcfix: FIXME tidy-up 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk a2333608a4 request_key.2: srcfix: FIXME tidyup 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk f3ff1d07b4 request_key.2: Change argument name 'keyring' to 'dest_keyring' 
Using 'dest_keyring' is more meaningful.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk 53705ead37 request_key.2: Further expand details of the request-key user-space callout 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk 61baf86979 request_key.2: ERRORS: add two EINVAL error cases 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk 8fa7ef41da request_key.2: srcfix: FIXME 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk a7c31ed8ef request_key.2: Add an example program 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk 6011de34ff request_key.2: SYNOPSIS: include <sys/types.h> 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk 120ea0c808 request_key.2: Add details on the use of authorization keys 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk 2e3b9c2aa7 request_key.2: Various improvements to description 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk c7e3fd59ed request_key.2: srcfix: add FIXME 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk 3d4f67dd5d request_key.2: Clarify that search of keyring tree is breadth-first 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk f627086804 request_key.2: Expand SEE ALSO list 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk d2f1788ee8 request_key.2: Add notes on libkeyutils wrapper function 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk e2eab9148d request_key.2: Minor wording fixes 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk a2b148c3ef request_key.2: Add VERSIONS and CONFORMING TO sections 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk 2b8d7f4460 request_key.2: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:15 +01:00
Michael Kerrisk fbc46ac47d request_key.2: Add references to kernel documentation files 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-12-27 09:36:14 +01:00
Michael Kerrisk b8efb41432 memusage.1, memusagestat.1, pldd.1, accept.2, adjtimex.2, arch_prctl.2, bdflush.2, bpf.2, close.2, epoll_ctl.2, epoll_wait.2, execve.2, execveat.2, fanotify_init.2, fanotify_mark.2, fcntl.2, fsync.2, get_kernel_syms.2, getdomainname.2, getgroups.2, gethostname.2, getrandom.2, getrlimit.2, getrusage.2, getsid.2, getunwind.2, io_getevents.2, ioctl_fat.2, kexec_load.2, killpg.2, listxattr.2, lseek.2, madvise.2, memfd_create.2, mknod.2, mlock.2, modify_ldt.2, msgctl.2, msgget.2, msgop.2, readlink.2, readv.2, reboot.2, recvmmsg.2, rename.2, request_key.2, restart_syscall.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, seccomp.2, select_tut.2, semctl.2, semget.2, semop.2, set_thread_area.2, seteuid.2, setgid.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigprocmask.2, stat.2, symlink.2, syscall.2, sysctl.2, unlink.2, bindresvport.3, byteorder.3, dlopen.3, endian.3, error.3, ffs.3, fmemopen.3, getcwd.3, getlogin.3, getnetent.3, getprotoent.3, getservent.3, getumask.3, getutent.3, glob.3, isalpha.3, lio_listio.3, login.3, mbsinit.3, mbstowcs.3, mbtowc.3, mkstemp.3, nextup.3, ntp_gettime.3, posix_fallocate.3, posix_spawn.3, pthread_join.3, pthread_rwlockattr_setkind_np.3, random.3, rcmd.3, realpath.3, resolver.3, setjmp.3, setnetgrent.3, sigvec.3, strerror.3, strverscmp.3, system.3, toupper.3, towlower.3, towupper.3, wcstombs.3, wordexp.3, cciss.4, loop.4, mouse.4, random.4, core.5, group.5, hosts.5, resolv.conf.5, ascii.7, environ.7, epoll.7, glob.7, ip.7, mq_overview.7, packet.7, pipe.7, raw.7, sched.7, signal.7, socket.7, symlink.7, ld.so.8, sln.8: tstamp 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-10-08 14:08:23 +02:00
Michael Kerrisk 3a0d6510d9 request_key.2: Order ERRORS alphabetically 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-08-08 05:54:13 +10:00
Michael Kerrisk 979867082b locale.1, localedef.1, _exit.2, accept.2, access.2, acct.2, adjtimex.2, bdflush.2, bind.2, bpf.2, brk.2, chdir.2, chmod.2, chown.2, chroot.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_ctl.2, eventfd.2, execve.2, fallocate.2, fanotify_init.2, fcntl.2, flock.2, fork.2, fsync.2, futex.2, get_kernel_syms.2, getdomainname.2, getgroups.2, gethostname.2, getpagesize.2, getpeername.2, getsid.2, getsockname.2, getsockopt.2, gettimeofday.2, init_module.2, ioctl.2, ioctl_list.2, ioperm.2, iopl.2, kexec_load.2, kill.2, killpg.2, link.2, listen.2, llseek.2, lseek.2, madvise.2, memfd_create.2, mincore.2, mkdir.2, mknod.2, mmap.2, mount.2, nanosleep.2, nice.2, open.2, personality.2, pipe.2, poll.2, posix_fadvise.2, read.2, readahead.2, readlink.2, readv.2, recv.2, recvmmsg.2, rename.2, request_key.2, sched_setaffinity.2, sched_setattr.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendfile.2, sendmmsg.2, seteuid.2, setns.2, setpgid.2, setreuid.2, shutdown.2, sigaction.2, sigaltstack.2, signal.2, signalfd.2, sigpending.2, sigprocmask.2, sigsuspend.2, socketpair.2, splice.2, stat.2, statfs.2, stime.2, symlink.2, sync.2, syscall.2, syscalls.2, times.2, truncate.2, unlink.2, unshare.2, uselib.2, utimensat.2, vfork.2, vhangup.2, wait.2, wait4.2, write.2, a64l.3, abs.3, acos.3, acosh.3, addseverity.3, adjtime.3, aio_read.3, aio_write.3, asin.3, asinh.3, atan.3, atan2.3, atanh.3, atoi.3, backtrace.3, cbrt.3, ceil.3, cfree.3, clearenv.3, clock_getcpuclockid.3, clog10.3, cmsg.3, copysign.3, cos.3, cosh.3, ctermid.3, ctime.3, daemon.3, dirfd.3, div.3, dl_iterate_phdr.3, drand48.3, drand48_r.3, dysize.3, ecvt.3, ecvt_r.3, endian.3, erf.3, erfc.3, errno.3, exec.3, exp.3, exp2.3, expm1.3, fabs.3, fdim.3, ferror.3, fexecve.3, ffs.3, fgetgrent.3, fgetpwent.3, finite.3, flockfile.3, floor.3, fma.3, fmax.3, fmin.3, fmod.3, fopen.3, fpclassify.3, frexp.3, fseeko.3, fts.3, futimes.3, fwide.3, gamma.3, gcvt.3, getaddrinfo.3, getcwd.3, getdate.3, getdirentries.3, getdtablesize.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, gethostid.3, getline.3, getloadavg.3, getmntent.3, getnameinfo.3, getnetent_r.3, getpass.3, getprotoent_r.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent_r.3, getservent_r.3, getspnam.3, getsubopt.3, getusershell.3, getutent.3, getw.3, gsignal.3, hypot.3, ilogb.3, inet.3, initgroups.3, insque.3, isalpha.3, isgreater.3, iswblank.3, j0.3, ldexp.3, lgamma.3, lio_listio.3, lockf.3, log.3, log10.3, log1p.3, log2.3, logb.3, lrint.3, lround.3, makedev.3, matherr.3, mbsnrtowcs.3, mkdtemp.3, mkfifo.3, mkstemp.3, mktemp.3, modf.3, mq_close.3, mq_getattr.3, mq_notify.3, mq_receive.3, mq_send.3, nan.3, nextafter.3, on_exit.3, open_memstream.3, opendir.3, perror.3, popen.3, posix_fallocate.3, posix_madvise.3, posix_memalign.3, posix_openpt.3, posix_spawn.3, pow.3, printf.3, profil.3, psignal.3, pthread_attr_setstack.3, pthread_setaffinity_np.3, putenv.3, putpwent.3, qecvt.3, rand.3, random.3, random_r.3, rcmd.3, readdir.3, realpath.3, remainder.3, remquo.3, rexec.3, rint.3, round.3, rpc.3, rpmatch.3, scalb.3, scalbln.3, scandir.3, scanf.3, seekdir.3, sem_wait.3, setbuf.3, setenv.3, setjmp.3, setnetgrent.3, siginterrupt.3, signbit.3, significand.3, sigset.3, sigsetops.3, sigvec.3, sigwait.3, sin.3, sinh.3, sleep.3, sockatmark.3, sqrt.3, statvfs.3, stpcpy.3, stpncpy.3, strdup.3, strerror.3, strftime.3, strlen.3, strnlen.3, strsep.3, strsignal.3, strtod.3, strtok.3, strtol.3, strtoul.3, syslog.3, system.3, tan.3, tanh.3, telldir.3, tempnam.3, termios.3, tgamma.3, timegm.3, timeradd.3, tmpfile.3, tmpnam.3, toascii.3, trunc.3, ttyslot.3, tzset.3, ualarm.3, unlocked_stdio.3, usleep.3, wcpcpy.3, wcpncpy.3, wcscasecmp.3, wcsdup.3, wcsncasecmp.3, wcsnlen.3, wcsnrtombs.3, wprintf.3, y0.3, pts.4, st.4, tty_ioctl.4, elf.5, gai.conf.5, group.5, locale.5, nsswitch.conf.5, proc.5, utmp.5, aio.7, capabilities.7, credentials.7, environ.7, epoll.7, fanotify.7, feature_test_macros.7, inotify.7, ip.7, mq_overview.7, namespaces.7, pipe.7, signal.7, socket.7, standards.7, svipc.7, symlink.7, time.7, unicode.7, unix.7: tstamp 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-03-15 17:30:43 +13:00
Michael Kerrisk bb14af394e clock_nanosleep.2, fallocate.2, nanosleep.2, request_key.2, sigsuspend.2, statfs.2, getgrent.3, getgrnam.3, getpwent.3, getpwnam.3, lio_listio.3, statvfs.3, tmpfile.3, ualarm.3: ERRORS: add reference to signal(7) in description of EINTR 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-01-01 13:15:06 +01:00
Michael Kerrisk 67d2c6873c add_key.2, chown.2, epoll_ctl.2, epoll_wait.2, execve.2, fcntl.2, get_mempolicy.2, getxattr.2, ioctl.2, keyctl.2, listxattr.2, mkdir.2, mknod.2, mmap.2, msync.2, nfsservctl.2, open.2, prctl.2, removexattr.2, request_key.2, sendfile.2, set_mempolicy.2, setxattr.2, shmget.2, shutdown.2, sigaction.2, syslog.2, truncate.2, umask.2, CPU_SET.3, atexit.3, bsearch.3, cmsg.3, err.3, gethostid.3, getmntent.3, getopt.3, iconv_close.3, inet_ntop.3, longjmp.3, lsearch.3, mcheck.3, on_exit.3, putpwent.3, regex.3, resolver.3, setbuf.3, setjmp.3, setlocale.3, setlogmask.3, sleep.3, strsignal.3, sysconf.3, undocumented.3, tty_ioctl.4, proc.5, resolv.conf.5, tzfile.5, aio.7, bootparam.7, capabilities.7, fanotify.7, inotify.7, ip.7, packet.7, pthreads.7, raw.7, signal.7, socket.7, unix.7, ld.so.8, nscd.8: tstamp 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-05-07 08:26:32 +02:00
Michael Kerrisk 86cfb3ca59 add_key.2, request_key.2: SEE ALSO: add keyctl(3) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-04-22 14:38:56 +02:00
Michael Kerrisk 32fc240749 add_key.2, keyctl.2, request_key.2: SEE ALSO: add keyrings(7) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-04-22 14:38:56 +02:00
Michael Kerrisk a797afac4e fcntl.2, msgget.2, ptrace.2, request_key.2, shmget.2, sigaction.2, syscalls.2, dbopen.3, euidaccess.3, getgrnam.3, getpwnam.3, strfmon.3, strtol.3, strtoul.3, cciss.4, hpsa.4, mouse.4, termcap.5, charsets.7, iso_8859-16.7, iso_8859-2.7, koi8-r.7, unicode.7, utf-8.7: Use Oxford comma 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-02-05 16:09:11 +01:00
Michael Kerrisk f14ae16e57 accept.2, clock_getres.2, mkdir.2, request_key.2, wait.2, printf.3, bootparam.7: grfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-01-11 06:25:02 +13:00
Michael Kerrisk 23dbdcbe30 add_key.2, keyctl.2, request_key.2: s/GPLv2+_ONEPARA_SW/GPLv2+_SW_ONEPARA/ 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2013-03-10 10:57:11 +01:00
Michael Kerrisk 722b678847 add_key.2, keyctl.2, request_key.2: Added LICENSE_START(GPLv2+_ONEPARA_SW) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2013-03-10 10:57:10 +01:00
Michael Kerrisk fd351c1ab2 _syscall.2, add_key.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, getxattr.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, keyctl.2, listxattr.2, removexattr.2, request_key.2, setxattr.2, dir_colors.5, epoll.7, mailaddr.7, uri.7: srcfix: remove blank comment line from top of source 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2013-03-10 10:57:08 +01:00
Michael Kerrisk 5618d6329a request_key.2: ffix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2013-02-11 22:44:29 +01:00
Michael Kerrisk f68512e9fe intro.1, add_key.2, get_mempolicy.2, get_thread_area.2, intro.2, keyctl.2, mbind.2, request_key.2, set_thread_area.2, clock.3, cmsg.3, getcwd.3, getpw.3, intro.3, malloc.3, posix_memalign.3, shm_open.3, sleep.3, sysconf.3, intro.4, sd.4, intro.5, locale.5, slabinfo.5, intro.6, boot.7, bootparam.7, futex.7, glob.7, hier.7, intro.7, libc.7, locale.7, mq_overview.7, netlink.7, sem_overview.7, shm_overview.7, unix.7, intro.8: Global fix: Use consistent capitalization in NAME section 
The line(s) in the NAME section should only use capitals
where English usage dictates that. Otherwise, use
lowercase throughout.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2012-10-24 14:53:48 +02:00