author | David Howells <dhowells@redhat.com> | 2009-09-02 09:14:00 +0100 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-09-02 21:29:11 +1000 |
commit | 5d135440faf7db8d566de0c6fab36b16cf9cfc3b (patch) | |
tree | d9c022e73ed51dfe5729fde9a97150cb64b68196 /security/keys/internal.h | |
parent | f041ae2f99d49adc914153a34a2d0e14e4389d90 (diff) |
KEYS: Add garbage collection for dead, revoked and expired keys. [try #6]

Add garbage collection for dead, revoked and expired keys. This involved
erasing all links to such keys from keyrings that point to them. At that
point, the key will be deleted in the normal manner.

Keyrings from which garbage collection occurs are shrunk and their quota
consumption reduced as appropriate.

Dead keys (for which the key type has been removed) will be garbage collected
immediately.

Revoked and expired keys will hang around for a number of seconds, as set in
/proc/sys/kernel/keys/gc_delay before being automatically removed. The default
is 5 minutes.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys/internal.h')
-rw-r--r-- | security/keys/internal.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/security/keys/internal.h b/security/keys/internal.h index a7252e7b2e0..fb830514c33 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -132,6 +132,10 @@ extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags, extern long join_session_keyring(const char *name); +extern unsigned key_gc_delay; +extern void keyring_gc(struct key *keyring, time_t limit); +extern void key_schedule_gc(time_t expiry_at); + /* * check to see whether permission is granted to use a key in the desired way */ |
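Review bot: the three declarations added after join_session_keyring() carry no comment, so the header does not say what unit key_gc_delay is in or whether the time_t arguments are absolute times or intervals. The commit message says the delay is a number of seconds set through /proc/sys/kernel/keys/gc_delay; a one-line comment above `extern unsigned key_gc_delay;` stating that, plus a note on what `limit` in keyring_gc() and `expiry_at` in key_schedule_gc() are measured against, would keep callers from mixing up a delay with a timestamp. Since the value is writable through /proc, it would also help to say here or at the definition what range is accepted. Style point on the same line: prefer `unsigned int` over bare `unsigned`.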