summaryrefslogtreecommitdiffstats
path: root/include/linux/key.h
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2012-01-18 15:31:45 +0000
committerJames Morris <jmorris@namei.org>2012-01-19 14:38:51 +1100
commit700920eb5ba4de5417b446c9a8bb008df2b973e0 (patch)
tree8e2caa32a5cdcd47347ff84bc3e95915d000f537 /include/linux/key.h
parent53999bf34d55981328f8ba9def558d3e104d6e36 (diff)
KEYS: Allow special keyrings to be cleared
The kernel contains some special internal keyrings, for instance the DNS resolver keyring : 2a93faf1 I----- 1 perm 1f030000 0 0 keyring .dns_resolver: empty It would occasionally be useful to allow the contents of such keyrings to be flushed by root (cache invalidation). Allow a flag to be set on a keyring to mark that someone possessing the sysadmin capability can clear the keyring, even without normal write access to the keyring. Set this flag on the special keyrings created by the DNS resolver, the NFS identity mapper and the CIFS identity mapper. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve Dickson <steved@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux/key.h')
-rw-r--r--include/linux/key.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/key.h b/include/linux/key.h
index 183a6af7715..3ac412855d8 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -155,6 +155,7 @@ struct key {
#define KEY_FLAG_IN_QUOTA 3 /* set if key consumes quota */
#define KEY_FLAG_USER_CONSTRUCT 4 /* set if key is being constructed in userspace */
#define KEY_FLAG_NEGATIVE 5 /* set if key is negative */
+#define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */
/* the description string
* - this is used to match a key against search criteria