KEYS: prevent keys from being removed from specified keyrings

Userspace should not be allowed to remove keys from certain keyrings (eg. blacklist), though the keys themselves can expire. This patch defines a new key flag named KEY_FLAG_KEEP to prevent userspace from being able to unlink, revoke, invalidate or timed out a key on a keyring. When this flag is set on the keyring, all keys subsequently added are flagged. In addition, when this flag is set, the keyring itself can not be cleared. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: David Howells <dhowells@redhat.com>
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-11-10 08:34:46 -0500
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-12-15 10:01:43 -0500
commit: d3600bcf9d64d88dc1d189a754dcfab960ce751f (patch)
tree: 0db5cee0ddb99cfe1cbd7f8314653f36ddf5005f /include/linux/key.h
parent: 80eae209d63ac6361c7b445f7e7e41f39c044772 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/key.h b/include/linux/key.h
index 66f705243985..7321ab8ef949 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -177,6 +177,7 @@ struct key {
 #define KEY_FLAG_TRUSTED_ONLY	9	/* set if keyring only accepts links to trusted keys */
 #define KEY_FLAG_BUILTIN	10	/* set if key is builtin */
 #define KEY_FLAG_ROOT_CAN_INVAL	11	/* set if key can be invalidated by root without permission */
+#define KEY_FLAG_KEEP		12	/* set if key should not be removed */
 
 	/* the key type and key description string
 	 * - the desc is used to match a key against search criteria
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2015-11-10 08:34:46 -0500
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2015-12-15 10:01:43 -0500
commit	d3600bcf9d64d88dc1d189a754dcfab960ce751f (patch)
tree	0db5cee0ddb99cfe1cbd7f8314653f36ddf5005f /include/linux/key.h
parent	80eae209d63ac6361c7b445f7e7e41f39c044772 (diff)