Commit Graph

17367 Commits

Author SHA1 Message Date
Michael Kerrisk 5834768eaf request_key.2: srcfix: FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:23 +01:00
Michael Kerrisk c69490ae43 keyctl.2: Improve a KEYCTL_SET_REQKEY_KEYRING detail
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:23 +01:00
Michael Kerrisk 5e0d5def6c request_key.2: Improve description of default keyring when dest_keyring is zero
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:23 +01:00
Michael Kerrisk 6dfb4dda6e request_key.2: Minor wording fixes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:23 +01:00
Eugene Syromyatnikov 2bcf858070 request_key.2: Add information regarding default keyring
Notes from Eugene:

Based on linux v4.9-rc6 (9c763584):

 * security/keys/keyctl.c, SYSCALL_DEFINE4(request_key, ...), line 158:
  * Assume that call is performed with destringid == 0:
  * We skip check on line 196, so dest_ref remains NULL
  * On line 213, request_key_and_link is called with key_ref_to_ptr(dest_ref)
   * key_ref_to_ptr() itself just zeroes the lower bit, which is used to
     indicate that the key reference is in the possession of the current
     context.
 * security/keys/request_key.c, request_key_and_link, line 508:
  * On line 543, we try to search process keyrings for the key (we
    fill ctx at the beginning of the function and then pass it to
    search_process_keyrings)
  * If key is found (key_ref is not erroneous), we convert key_ref to
    ptr on line 546 and skip the following block on line 547 since
    dest_keyring is 0.
  * If key is not found and error is not EAGAIN, then
    construct_key_and_link is called on line 566 with dest_keyring ==
    NULL.
 * security/keys/request_key.c, construct_key_and_link, line 430:
  * On line 450, construct_get_dest_keyring is called with dest_keyring
    == NULL.
 * security/keys/request_key.c, construct_get_dest_keyring, line 253:
  * The argument here (which is pointer to pointer to struct key) is
    named _dest_keyring, but on line 257 it is dereferenced to local
    variable dest_keyring (so it stores NULL now).
  * We're going to the "else" branch (starting from line 266) of the
    check on line 262
  * Now we are switching against cred->jit_keyring with the behaviour
    described in the patch.
 * git grep jit_keyring security/keys reveals that it is assigned inside
   keyctl_set_reqkey_keyring, security/keys/keyctl.c, line 1257.
 * keyctl_set_reqkey_keyring is called from SYSCALL_DEFINE5(keyctl,
   ...), when option passed to keyctl is KEYCTL_SET_REQKEY_KEYRING (line
   1652).
 * Default value for jit_keyring is sort of difficult to find out, since
   it is inherited, but overall it is explicitly set to
   KEY_REQKEY_DEFL_THREAD_KEYRING or copied from zeroed-out structures
   (so it is equal to KEY_REQKEY_DEFL_DEFAULT) which leads to the same
   behaviour in case the process has not been upcalled by request_key
   construction.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:23 +01:00
Michael Kerrisk 34795036d1 keyrings.7: Number the fields in /proc/keys for easy reference in discussion
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:23 +01:00
Michael Kerrisk 1704100353 keyrings.7: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk 8a141d6b8f keyrings.7: wfix
Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk b51c7752ea keyrings.7: Fixes after feedback from David Howells
Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk 805aa46622 keyrings.7: wfix
Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk 7c5c6f2c9e keyrings.7: Add a little more detail on the encryption of the big_key payload
Reported-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk 790ba8ccf8 keyrings.7: ff
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk e8722fc5a2 keyrings.7: Rework 'big_key' text a little
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk 23e10faf7b keyrings.7: Fixes after review by David Howells
Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk 9fd70ffaf6 keyrings.7: Reorder list of key types
Place "keyring" first.

Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk 1d452eeca3 add_key.2: Various fixes after review by David Howells
Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk eebdcb80a8 add_key.2: Reorder list of key types (place keyrings first)
Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk 6cf27f3f8c keyrings.7: Add a note on the unimplemented group keyring
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk dc26e4994b keyrings.7: Note the special keyring IDs used in add_key()/request_key()/keyctl()
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk 46d584ecbb keyrings.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk ecf9a3e30b keyrings.7: Extend SEE ALSO list
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk f5e0c167f4 add_key.2: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk 722772aa01 keyrings.7: Minor tweaks
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov efeccbf659 keyrings.7: Add info regarding pre-3.17 defaults in root_maxbytes/root_maxkeys
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov f391cd5a93 keyrings.7: tfix
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov be851e7e53 keyrings.7: Minor clarification on where big_key payload is stored
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov d78255b88b keyrings.7: tfix
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov cd27ab965e keyrings.7: Minor clarification regarding storage method used in keyrings
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov 87c6aeea76 keyctl.2: tfix
2016-12-27 09:36:22 +01:00
Michael Kerrisk 0b617a3a9c request_key.2: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk 24fcf1d3e7 request_key.2: Tweaks to Eugene Syromyatnikov's patches
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov b58584686b request_key.2: VERSIONS: Note kernel version that added key instantiation on request
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov f70b502db6 request_key.2: Document some additional errors
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov 9b0ac3ef53 request_key.2: wfix
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov 1bf661a0d8 request_key.2: tfix
2016-12-27 09:36:21 +01:00
Michael Kerrisk 8880b194be keyrings.7: Note key types and descriptions that are reserved to the implementation
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk b67331f9b3 add_key.2: ERRORS: Note key types and descriptions that are reserved
Some key type names and keyring description names are
reserved to the implementation.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk 924ebcde51 add_key.2: Tweaks to Eugene Syromyatnikov's patches
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Eugene Syromyatnikov 62975dc234 add_key.2: Add information regarding EPERM
2016-12-27 09:36:21 +01:00
Eugene Syromyatnikov c99809b93e add_key.2: Add information regarding EFAULT
2016-12-27 09:36:21 +01:00
Eugene Syromyatnikov 94dd02f476 add_key.2: Change wording regarding storing of big_key payload
2016-12-27 09:36:21 +01:00
Eugene Syromyatnikov 89bcd51753 add_key.2: Wording change regarding the reasons of call failure
2016-12-27 09:36:21 +01:00
Michael Kerrisk 9d85c78908 user_namespaces.7: Change page cross reference: keyctl(2) ==> keyrings(7)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk 1f39876b88 request_key.2: Minor tweaks
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk 4051799cd8 request_key.2: Remove errExit() from example program
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk 6052344b05 add_key.2: Remove errExit() from example program
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk d38d705386 add_key.2: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk 16dfd5cea1 keyrings.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk e22cb0c493 keyrings.7, persistent-keyring.7, process-keyring.7, session-keyring.7, thread-keyring.7, user-keyring.7, user-session-keyring.7: srcfix: spfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk 51139f08f7 keyrings.7: /proc/keys also shows keys that are not possessed by reader
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00