diff options
authorDavid Howells <dhowells@redhat.com>2007-04-26 15:46:23 -0700
committerDavid S. Miller <davem@davemloft.net>2007-04-26 15:46:23 -0700
commit7318226ea2931a627f3572e5f4804c91ca19ecbc (patch)
parent071b638689464c6b39407025eedd810d5b5e6f5d (diff)
[AF_RXRPC]: Key facility changes for AF_RXRPC
Export the keyring key type definition and document its availability. Add alternative types into the key's type_data union to make it more useful. Not all users necessarily want to use it as a list_head (AF_RXRPC doesn't, for example), so make it clear that it can be used in other ways. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
3 files changed, 16 insertions, 0 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt
index 60c665d9cfa..81d9aa09729 100644
--- a/Documentation/keys.txt
+++ b/Documentation/keys.txt
@@ -859,6 +859,18 @@ payload contents" for more information.
void unregister_key_type(struct key_type *type);
+Under some circumstances, it may be desirable to desirable to deal with a
+bundle of keys. The facility provides access to the keyring type for managing
+such a bundle:
+ struct key_type key_type_keyring;
+This can be used with a function such as request_key() to find a specific
+keyring in a process's keyrings. A keyring thus found can then be searched
+with keyring_search(). Note that it is not possible to use request_key() to
+search a specific keyring, so using keyrings in this way is of limited utility.
diff --git a/include/linux/key.h b/include/linux/key.h
index 169f05e4863..a9220e75782 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -160,6 +160,8 @@ struct key {
union {
struct list_head link;
+ unsigned long x[2];
+ void *p[2];
} type_data;
/* key data
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index ad45ce73964..88292e3dee9 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -66,6 +66,8 @@ struct key_type key_type_keyring = {
.read = keyring_read,
* semaphore to serialise link/link calls to prevent two link calls in parallel
* introducing a cycle