Michael Kerrisk
4084e9b949
request_key.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-06-25 12:12:49 +02:00
Michael Kerrisk
afa27faacf
Removed trailing white space at end of lines
2017-03-13 21:17:48 +01:00
Michael Kerrisk
31a1b45ece
add_key.2, execve.2, fork.2, fsync.2, getrandom.2, getrlimit.2, getxattr.2, inotify_add_watch.2, ioctl.2, ioctl_fat.2, kcmp.2, keyctl.2, link.2, listxattr.2, lseek.2, madvise.2, mincore.2, mlock.2, nanosleep.2, poll.2, posix_fadvise.2, read.2, readv.2, recv.2, request_key.2, select.2, send.2, setxattr.2, sigaction.2, stat.2, statfs.2, syscall.2, tkill.2, truncate.2, unlink.2, vfork.2, write.2, __ppc_set_ppr_med.3, aio_suspend.3, backtrace.3, bcmp.3, bcopy.3, bzero.3, exec.3, fopen.3, fts.3, ftw.3, getline.3, getmntent.3, getopt.3, memccpy.3, memchr.3, memcmp.3, memcpy.3, memfrob.3, memmem.3, memmove.3, memset.3, random.3, random_r.3, resolver.3, scandir.3, scanf.3, sem_post.3, sem_wait.3, setjmp.3, sleep.3, strerror.3, strverscmp.3, system.3, random.4, core.5, intro.5, resolv.conf.5, slabinfo.5, environ.7, ip.7, keyrings.7, man.7, persistent-keyring.7, pipe.7, process-keyring.7, random.7, session-keyring.7, signal-safety.7, signal.7, thread-keyring.7, unix.7, user-keyring.7, user-session-keyring.7, ld.so.8: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-03-13 21:14:49 +01:00
Michael Kerrisk
4c8ae2269c
keyctl.2, request_key.2: Consistently use term "negatively instantiated key"
...
Eliminate uses of the term "negative key" in favor of
"negatively instantiated key".
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-03-12 12:45:43 +01:00
Michael Kerrisk
1d7f3c5e3c
request_key.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-03-12 12:45:43 +01:00
Michael Kerrisk
3b7f994e1c
request_key.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-03-12 12:45:43 +01:00
Michael Kerrisk
2db8e1cc37
request_key.2: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-03-12 12:45:43 +01:00
Michael Kerrisk
7f1f4badb3
request_key.2: Add links to some keyrings pages
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-03-12 12:45:43 +01:00
Michael Kerrisk
bfedb010d2
request_key.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-03-12 12:45:43 +01:00
Michael Kerrisk
82918334f1
request_key.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-02-19 22:40:52 +01:00
Jakub Wilk
e38f392506
request_key.2: tfix
...
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-01-04 15:24:49 +13:00
Michael Kerrisk
5834768eaf
request_key.2: srcfix: FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:23 +01:00
Michael Kerrisk
5e0d5def6c
request_key.2: Improve description of default keyring when dest_keyring is zero
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:23 +01:00
Michael Kerrisk
6dfb4dda6e
request_key.2: Minor wording fixes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:23 +01:00
Eugene Syromyatnikov
2bcf858070
request_key.2: Add information regarding default keyring
...
Notes from Eugene:
Based on linux v4.9-rc6 (9c763584):
* security/keys/keyctl.c, SYSCALL_DEFINE4(request_key, ...), line 158:
  * Assume that call is performed with destringid == 0:
    * We skip check on line 196, so dest_ref remains NULL
    * On line 213, request_key_and_link is called with key_ref_to_ptr(dest_ref)
    * key_ref_to_ptr() itself just zeroes lower bit which is used for
      indication that key reference is in the possession of the current
      context.
* security/keys/request_key.c, request_key_and_link, line 508:
  * On line 543, we try to search process keyrings for the key (we
    fill ctx at the beginning of the function and then pass it to
    search_process_keyrings)
  * If key is found (key_ref is not erroneous), we convert key_ref to
    ptr on line 546 and skip the following block on line 547 since
    dest_keyring is 0.
  * If key is not found and error is not EAGAIN, then
    construct_key_and_link is called on line 566 with dest_keyring ==
    NULL.
* security/keys/request_key.c, construct_key_and_link, line 430:
  * On line 450, construct_get_dest_keyring is called with dest_keyring
    == NULL.
* security/keys/request_key.c, construct_get_dest_keyring, line 253:
  * The argument here (which is pointer to pointer to struct key) is
    named _dest_keyring, but on line 257 it is dereferenced to local
    variable dest_keyring (so it stores NULL now).
  * We're going to the "else" branch (starting from line 266) of check
    on line 262
  * Now we are switching against cred->jit_keyring with the behaviour
    described in the patch.
* git grep jit_keyring security/keys reveals that it is assigned inside
  keyctl_set_reqkey_keyring, security/keys/keyctl.c, line 1257.
* keyctl_set_reqkey_keyring is called from SYSCALL_DEFINE5(keyctl,
  ...), when option passed to keyctl is KEYCTL_SET_REQKEY_KEYRING (line
  1652).
* Default value for jit_keyring is sort of difficult to find out, since
  it is inherited, but overall it is explicitly set to
  KEY_REQKEY_DEFL_THREAD_KEYRING or copied from zeroed-out structures
  (so it is equal to KEY_REQKEY_DEFL_DEFAULT) which leads to the same
  behaviour in case the process has not been upcalled by request_key
  construction.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:23 +01:00
Michael Kerrisk
0b617a3a9c
request_key.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk
24fcf1d3e7
request_key.2: Tweaks to Eugene Syromyatnikov's patches
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov
b58584686b
request_key.2: VERSIONS: Note kernel version that added key instantiation on request
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov
f70b502db6
request_key.2: Document some additional errors
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov
9b0ac3ef53
request_key.2: wfix
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov
1bf661a0d8
request_key.2: tfix
2016-12-27 09:36:21 +01:00
Michael Kerrisk
1f39876b88
request_key.2: Minor tweaks
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
4051799cd8
request_key.2: Remove errExit() from example program
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
0bbcf59de2
request_key.2: Refer to keyctl(2) for another demo of the example program
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
388adc3c19
request_key.2: Give the example program a name
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
05705bbaf1
request_key.2: SEE ALSO: add capabilities(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
442a3aeb49
request_key.2: Tweaks
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
466c3cd80f
request_key.2: srcfix: remove FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
5685b18c27
add_key.2, keyctl.2, request_key.2, syscalls.2: Correct kernel version for keys syscalls
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
7ea452dc16
request_key.2: Update text/remove FIXMEs after discussion with David Howells
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
46c0179ab7
dd_key.2, keyctl.2, request_key.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
51b9f6c050
request_key.2: srcfix: FIXME updates
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
8c8033b102
request_key.2: srcfix: FIXME tidy-up
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
a2333608a4
request_key.2: srcfix: FIXME tidyup
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
f3ff1d07b4
request_key.2: Change argument name 'keyring' to 'dest_keyring'
...
Using 'dest_keyring' is more meaningful.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
53705ead37
request_key.2: Further expand details of the request-key user-space callout
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
61baf86979
request_key.2: ERRORS: add two EINVAL error cases
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
8fa7ef41da
request_key.2: srcfix: FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
a7c31ed8ef
request_key.2: Add an example program
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
6011de34ff
request_key.2: SYNOPSIS: include <sys/types.h>
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
120ea0c808
request_key.2: Add details on the use of authorization keys
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
2e3b9c2aa7
request_key.2: Various improvements to description
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
c7e3fd59ed
request_key.2: srcfix: add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
3d4f67dd5d
request_key.2: Clarify that search of keyring tree is breadth-first
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
f627086804
request_key.2: Expand SEE ALSO list
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
d2f1788ee8
request_key.2: Add notes on libkeyutils wrapper function
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
e2eab9148d
request_key.2: Minor wording fixes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
a2b148c3ef
request_key.2: Add VERSIONS and CONFORMING TO sections
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
2b8d7f4460
request_key.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:15 +01:00
Michael Kerrisk
fbc46ac47d
request_key.2: Add references to kernel documentation files
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:14 +01:00