Commit a05a4830 authored by: Jeff Layton

keys: update the documentation with info about "logon" keys

Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Parent af3a3ab2
...@@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW ...@@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW
The key service provides a number of features besides keys: The key service provides a number of features besides keys:
(*) The key service defines two special key types: (*) The key service defines three special key types:
(+) "keyring" (+) "keyring"
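Review bot: The hard-coded count in "The key service defines three special key types" has to be edited every time a type is added, as this change itself shows. Consider wording it as "defines the following special key types" so the list underneath is the only place that needs updating.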
...@@ -137,6 +137,18 @@ The key service provides a number of features besides keys: ...@@ -137,6 +137,18 @@ The key service provides a number of features besides keys:
blobs of data. These can be created, updated and read by userspace, blobs of data. These can be created, updated and read by userspace,
and aren't intended for use by kernel services. and aren't intended for use by kernel services.
(+) "logon"
Like a "user" key, a "logon" key has a payload that is an arbitrary
blob of data. It is intended as a place to store secrets which are
accessible to the kernel but not to userspace programs.
The description can be arbitrary, but must be prefixed with a non-zero
length string that describes the key "subclass". The subclass is
separated from the rest of the description by a ':'. "logon" keys can
be created and updated from userspace, but the payload is only
readable from kernel space.
(*) Each process subscribes to three keyrings: a thread-specific keyring, a (*) Each process subscribes to three keyrings: a thread-specific keyring, a
process-specific keyring, and a session-specific keyring. process-specific keyring, and a session-specific keyring.
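Review bot: The "logon" entry says the description "must be prefixed with a non-zero length string" separated by ':', but it gives no example of a valid description and does not say what userspace gets back when the prefix is missing or empty. Add a sample of the form subclass:description and state the failure behaviour. The closing sentence, "the payload is only readable from kernel space", should likewise say what a userspace read attempt returns, and it is worth noting that since these keys "can be created and updated from userspace", the writing process necessarily holds the secret at that moment, so the guarantee covers later reads rather than the writer.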