author    David Howells <dhowells@redhat.com>  2006-01-08 01:02:45 -0800
committer Linus Torvalds <torvalds@g5.osdl.org>  2006-01-08 20:13:53 -0800
commit    cab8eb594e84b434d20412fc5a3985b0bee3ab9f
tree      307dc5bf813effdcabe439a74ad2ae866516adb0 /Documentation/keys.txt
parent    017679c4d45783158dba1dd6f79e712c22bb3d9a
[PATCH] keys: Discard duplicate keys from a keyring on link

Cause any links within a keyring to keys that match a key to be linked into that keyring to be discarded as a link to the new key is added. The match is contingent on the type and description strings being the same.

This permits requests, adds and searches to displace negative, expired, revoked and dead keys easily. After some discussion it was concluded that duplicate valid keys should probably be discarded also as they would otherwise hide the new key.

Since request_key() is intended to be the primary method by which keys are added to a keyring, duplicate valid keys wouldn't be an issue there as that function would return an existing match in preference to creating a new key.

Signed-off-by: David Howells <dhowells@redhat.com>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: Alexander Zangerl <az@bond.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'Documentation/keys.txt')
-rw-r--r-- Documentation/keys.txt 4
1 files changed, 4 insertions, 0 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt
index c17c4ca7430..eeda00f82d2 100644
--- a/Documentation/keys.txt
+++ b/Documentation/keys.txt
@@ -500,6 +500,10 @@ The keyctl syscall functions are:
The link procedure checks the nesting of the keyrings, returning ELOOP if
it appears too deep or EDEADLK if the link would introduce a cycle.
+ Any links within the keyring to keys that match the new key in terms of
+ type and description will be discarded from the keyring as the new one is
+ added.
+
(*) Unlink a key or keyring from another keyring:
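
Review bot: The added paragraph under the link procedure says matching links "will be discarded" but does not say that this covers still-valid keys, which the commit message singles out as a deliberate decision; someone reading keys.txt alone could assume only negative, expired, revoked or dead keys are displaced. Suggest making it explicit, for example "Any links within the keyring to keys that match the new key in terms of type and description, including links to valid keys, will be discarded from the keyring as the new one is added." It would also help to say that only the link is dropped and what happens to the displaced key itself, since linking a key with the same type and description changes what a later search of that keyring returns.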