linux-stable/security
Mat Martineau 6563c91fd6 KEYS: Add KEYCTL_RESTRICT_KEYRING
Keyrings recently gained restrict_link capabilities that allow
individual keys to be validated prior to linking.  This functionality
was only available using internal kernel APIs.

With the KEYCTL_RESTRICT_KEYRING command, existing keyrings can be
configured to check the content of keys before they are linked, and
then allow or disallow linkage of that key to the keyring.

To restrict a keyring, call:

  keyctl(KEYCTL_RESTRICT_KEYRING, key_serial_t keyring, const char *type,
         const char *restriction)

where 'type' is the name of a registered key type and 'restriction' is a
string describing how key linkage is to be restricted. The restriction
option syntax is specific to each key type.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
2017-04-04 14:10:12 -07:00
apparmor security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
integrity KEYS: Use structure to capture key restriction function and data 2017-04-04 14:10:10 -07:00
keys KEYS: Add KEYCTL_RESTRICT_KEYRING 2017-04-04 14:10:12 -07:00
loadpin security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
selinux security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
smack security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
tomoyo TOMOYO: Use designated initializers 2017-03-30 17:37:45 +11:00
yama security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
commoncap.c security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
device_cgroup.c security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition 2015-09-03 18:13:10 -07:00
inode.c LSM: Add /sys/kernel/security/lsm 2017-01-19 13:18:29 +11:00
Kconfig security: introduce CONFIG_SECURITY_WRITABLE_HOOKS 2017-03-06 11:00:12 +11:00
lsm_audit.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-10-04 14:48:27 -07:00
Makefile LSM: LoadPin for kernel file loading restrictions 2016-04-21 10:47:27 +10:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c LSM: Revive security_task_alloc() hook and per "struct task_struct" security blob. 2017-03-28 11:05:14 +11:00