linux/security
David Howells 700920eb5b KEYS: Allow special keyrings to be cleared
The kernel contains some special internal keyrings, for instance the DNS
resolver keyring :

2a93faf1 I-----     1 perm 1f030000     0     0 keyring   .dns_resolver: empty

It would occasionally be useful to allow the contents of such keyrings to be
flushed by root (cache invalidation).

Allow a flag to be set on a keyring to mark that someone possessing the
sysadmin capability can clear the keyring, even without normal write access to
the keyring.

Set this flag on the special keyrings created by the DNS resolver, the NFS
identity mapper and the CIFS identity mapper.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2012-01-19 14:38:51 +11:00
..
apparmor Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-14 18:36:33 -08:00
integrity Merge branch 'next' into for-linus 2012-01-09 12:16:48 +11:00
keys KEYS: Allow special keyrings to be cleared 2012-01-19 14:38:51 +11:00
selinux Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-14 18:36:33 -08:00
smack vfs: prefer ->dentry->d_sb to ->mnt->mnt_sb 2012-01-06 23:16:53 -05:00
tomoyo Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-10 21:51:23 -08:00
capability.c Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-14 18:36:33 -08:00
commoncap.c Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-14 18:36:33 -08:00
device_cgroup.c cgroup: introduce cgroup_taskset and use it in subsys->can_attach(), cancel_attach() and attach() 2011-12-12 18:12:21 -08:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig encrypted-keys: remove trusted-keys dependency 2011-09-14 15:23:49 -04:00
lsm_audit.c ipv6: Add fragment reporting to ipv6_skip_exthdr(). 2011-12-03 09:35:10 -08:00
Makefile integrity: move ima inode integrity data management 2011-07-18 12:29:38 -04:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-14 18:36:33 -08:00