diff options
author | Mat Martineau | 2017-07-13 13:17:03 +0100 |
---|---|---|
committer | James Morris | 2017-07-14 11:01:38 +1000 |
commit | 7228b66aaf723a623e578aa4db7d083bb39546c9 (patch) | |
tree | 73b4c8eaf75430fbb7c3551d882a29bd5f6195fe /Documentation/security | |
parent | 4f9dabfaf8df971f8a3b6aa324f8f817be38d538 (diff) |
KEYS: Add documentation for asymmetric keyring restrictions
Provide more specific examples of keyring restrictions as applied to
X.509 signature chain verification.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'Documentation/security')
-rw-r--r-- | Documentation/security/keys/core.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst index 0d831a7afe4f..1648fa80b3bf 100644 --- a/Documentation/security/keys/core.rst +++ b/Documentation/security/keys/core.rst @@ -894,6 +894,12 @@ The keyctl syscall functions are: To apply a keyring restriction the process must have Set Attribute permission and the keyring must not be previously restricted. + One application of restricted keyrings is to verify X.509 certificate + chains or individual certificate signatures using the asymmetric key type. + See Documentation/crypto/asymmetric-keys.txt for specific restrictions + applicable to the asymmetric key type. + + Kernel Services =============== |