diff options
author | David Howells <dhowells@redhat.com> | 2012-01-18 15:31:45 +0000 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2012-01-19 14:38:51 +1100 |
commit | 700920eb5ba4de5417b446c9a8bb008df2b973e0 (patch) | |
tree | 8e2caa32a5cdcd47347ff84bc3e95915d000f537 /include/linux/key.h | |
parent | 53999bf34d55981328f8ba9def558d3e104d6e36 (diff) |
KEYS: Allow special keyrings to be cleared
The kernel contains some special internal keyrings, for instance the DNS
resolver keyring :
2a93faf1 I----- 1 perm 1f030000 0 0 keyring .dns_resolver: empty
It would occasionally be useful to allow the contents of such keyrings to be
flushed by root (cache invalidation).
Allow a flag to be set on a keyring to mark that someone possessing the
sysadmin capability can clear the keyring, even without normal write access to
the keyring.
Set this flag on the special keyrings created by the DNS resolver, the NFS
identity mapper and the CIFS identity mapper.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux/key.h')
-rw-r--r-- | include/linux/key.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/key.h b/include/linux/key.h index 183a6af7715..3ac412855d8 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -155,6 +155,7 @@ struct key { #define KEY_FLAG_IN_QUOTA 3 /* set if key consumes quota */ #define KEY_FLAG_USER_CONSTRUCT 4 /* set if key is being constructed in userspace */ #define KEY_FLAG_NEGATIVE 5 /* set if key is negative */ +#define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */ /* the description string * - this is used to match a key against search criteria |