• David Howells's avatar
    [PATCH] Keys: Make request-key create an authorisation key · 3e30148c
    David Howells authored
    The attached patch makes the following changes:
    
     (1) There's a new special key type called ".request_key_auth".
    
         This is an authorisation key for when one process requests a key and
         another process is started to construct it. This type of key cannot be
         created by the user; nor can it be requested by kernel services.
    
         Authorisation keys hold two references:
    
         (a) Each refers to a key being constructed. When the key being
         	 constructed is instantiated the authorisation key is revoked,
         	 rendering it of no further use.
    
         (b) The "authorising process". This is either:
    
         	 (i) the process that called request_key(), or:
    
         	 (ii) if the process that called request_key() itself had an
         	      authorisation key in its session keyring, then the authorising
         	      process referred to by that authorisation key will also be
         	      referred to by the new authorisation key.
    
    	 This means that the proce...
    3e30148c
keys.txt 36.2 KB