keys: update the documentation with info about "logon" keys

Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
This commit is contained in:
Jeff Layton 2012-04-25 12:46:50 -04:00
parent af3a3ab296
commit a05a4830a3
1 changed files with 13 additions and 1 deletions

View File

@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW
The key service provides a number of features besides keys: The key service provides a number of features besides keys:
(*) The key service defines two special key types: (*) The key service defines three special key types:
(+) "keyring" (+) "keyring"
@ -137,6 +137,18 @@ The key service provides a number of features besides keys:
blobs of data. These can be created, updated and read by userspace, blobs of data. These can be created, updated and read by userspace,
and aren't intended for use by kernel services. and aren't intended for use by kernel services.
(+) "logon"
Like a "user" key, a "logon" key has a payload that is an arbitrary
blob of data. It is intended as a place to store secrets which are
accessible to the kernel but not to userspace programs.
The description can be arbitrary, but must be prefixed with a non-zero
length string that describes the key "subclass". The subclass is
separated from the rest of the description by a ':'. "logon" keys can
be created and updated from userspace, but the payload is only
readable from kernel space.
(*) Each process subscribes to three keyrings: a thread-specific keyring, a (*) Each process subscribes to three keyrings: a thread-specific keyring, a
process-specific keyring, and a session-specific keyring. process-specific keyring, and a session-specific keyring.