提交 dddc7231 编写于 作者: P Philipp Hahn 提交者: Jonathan Corbet

doc: Rename .system_keyring to .builtin_trusted_keys

Commit d3bfe841 changed the name but did
not update the documentation.

Fixes: d3bfe841Signed-off-by: NPhilipp Hahn <hahn@univention.de>
Signed-off-by: NJonathan Corbet <corbet@lwn.net>
上级 fcdf1df2
...@@ -180,11 +180,11 @@ Public keys in the kernel ...@@ -180,11 +180,11 @@ Public keys in the kernel
========================= =========================
The kernel contains a ring of public keys that can be viewed by root. They're The kernel contains a ring of public keys that can be viewed by root. They're
in a keyring called ".system_keyring" that can be seen by:: in a keyring called ".builtin_trusted_keys" that can be seen by::
[root@deneb ~]# cat /proc/keys [root@deneb ~]# cat /proc/keys
... ...
223c7853 I------ 1 perm 1f030000 0 0 keyring .system_keyring: 1 223c7853 I------ 1 perm 1f030000 0 0 keyring .builtin_trusted_keys: 1
302d2d52 I------ 1 perm 1f010000 0 0 asymmetri Fedora kernel signing key: d69a84e6bce3d216b979e9505b3e3ef9a7118079: X509.RSA a7118079 [] 302d2d52 I------ 1 perm 1f010000 0 0 asymmetri Fedora kernel signing key: d69a84e6bce3d216b979e9505b3e3ef9a7118079: X509.RSA a7118079 []
... ...
...@@ -197,15 +197,15 @@ add those in also (e.g. from the UEFI key database). ...@@ -197,15 +197,15 @@ add those in also (e.g. from the UEFI key database).
Finally, it is possible to add additional public keys by doing:: Finally, it is possible to add additional public keys by doing::
keyctl padd asymmetric "" [.system_keyring-ID] <[key-file] keyctl padd asymmetric "" [.builtin_trusted_keys-ID] <[key-file]
e.g.:: e.g.::
keyctl padd asymmetric "" 0x223c7853 <my_public_key.x509 keyctl padd asymmetric "" 0x223c7853 <my_public_key.x509
Note, however, that the kernel will only permit keys to be added to Note, however, that the kernel will only permit keys to be added to
``.system_keyring _if_`` the new key's X.509 wrapper is validly signed by a key ``.builtin_trusted_keys _if_`` the new key's X.509 wrapper is validly signed by a key
that is already resident in the .system_keyring at the time the key was added. that is already resident in the .builtin_trusted_keys at the time the key was added.
======================== ========================
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册