summaryrefslogtreecommitdiff
path: root/security/keys/compat.c
diff options
context:
space:
mode:
authorMat Martineau <mathew.j.martineau@linux.intel.com>2017-03-02 03:44:09 +0300
committerMat Martineau <mathew.j.martineau@linux.intel.com>2017-04-05 00:10:12 +0300
commit6563c91fd645556c7801748f15bc727c77fcd311 (patch)
tree714a6be7606cb6646c7b182bae136ef26bc9692e /security/keys/compat.c
parent4a420896f12d2d043602f134ae18ad6be5b9d9dd (diff)
downloadlinux-6563c91fd645556c7801748f15bc727c77fcd311.tar.xz
KEYS: Add KEYCTL_RESTRICT_KEYRING
Keyrings recently gained restrict_link capabilities that allow individual keys to be validated prior to linking. This functionality was only available using internal kernel APIs. With the KEYCTL_RESTRICT_KEYRING command existing keyrings can be configured to check the content of keys before they are linked, and then allow or disallow linkage of that key to the keyring. To restrict a keyring, call: keyctl(KEYCTL_RESTRICT_KEYRING, key_serial_t keyring, const char *type, const char *restriction) where 'type' is the name of a registered key type and 'restriction' is a string describing how key linkage is to be restricted. The restriction option syntax is specific to each key type. Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Diffstat (limited to 'security/keys/compat.c')
-rw-r--r--security/keys/compat.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/security/keys/compat.c b/security/keys/compat.c
index 36c80bf5b89c..bb98f2b8dd7d 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -136,6 +136,10 @@ COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
return keyctl_dh_compute(compat_ptr(arg2), compat_ptr(arg3),
arg4, compat_ptr(arg5));
+ case KEYCTL_RESTRICT_KEYRING:
+ return keyctl_restrict_keyring(arg2, compat_ptr(arg3),
+ compat_ptr(arg4));
+
default:
return -EOPNOTSUPP;
}