author | 2012-01-18 15:31:45 +0000 | |
---|---|---|
committer | 2012-01-19 14:38:51 +1100 | |
commit | 700920eb5ba4de5417b446c9a8bb008df2b973e0 (patch) | |
tree | 8e2caa32a5cdcd47347ff84bc3e95915d000f537 /net/dns_resolver | |
parent | error: implicit declaration of function 'module_flags_taint' (diff) | |
KEYS: Allow special keyrings to be cleared

The kernel contains some special internal keyrings, for instance the DNS
resolver keyring:

    2a93faf1 I----- 1 perm 1f030000 0 0 keyring .dns_resolver: empty

It would occasionally be useful to allow the contents of such keyrings to be
flushed by root (cache invalidation).

Allow a flag to be set on a keyring to mark that someone possessing the
sysadmin capability can clear the keyring, even without normal write access to
the keyring.

Set this flag on the special keyrings created by the DNS resolver, the NFS
identity mapper and the CIFS identity mapper.

Signed-off-by: David Howells <[email protected]>
Acked-by: Jeff Layton <[email protected]>
Acked-by: Steve Dickson <[email protected]>
Signed-off-by: James Morris <[email protected]>
Diffstat (limited to 'net/dns_resolver')
-rw-r--r-- | net/dns_resolver/dns_key.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c index fa000d26dc60..c73bba326d70 100644 --- a/net/dns_resolver/dns_key.c +++ b/net/dns_resolver/dns_key.c @@ -281,6 +281,7 @@ static int __init init_dns_resolver(void) /* instruct request_key() to use this special keyring as a cache for * the results it looks up */ + set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags); cred->thread_keyring = keyring; cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; dns_resolver_cache = cred; |
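
Review bot: In init_dns_resolver(), the added set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags) sits directly under the existing comment "instruct request_key() to use this special keyring as a cache for the results it looks up", which describes the cred->thread_keyring and cred->jit_keyring assignments, not the flag. Move the set_bit() above that comment and give it its own short comment stating that the flag lets a holder of the sysadmin capability clear this keyring without write access, so the permission relaxation is documented at the point where it is granted. The definition of KEY_FLAG_ROOT_CAN_CLEAR and the capability check that honours it are not part of this view, which is limited to net/dns_resolver, so they have to be reviewed in the rest of the commit.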