Add a keyctl command for granting a permit on a key

Add a keyctl command to allow permits to be granted or removed on a key for
a specific subject. The kernel maintains the ACL internally from these
alterations, but the ACL isn't directly accessible.

The command looks like:

	keyctl grant <keyid> <subject> <permits>

where subject can currently be one of

	pos - Permits available to a possessor of the key
	own - Permits available to key's owner
	grp - Permits available to key's group ID
	all - Permits available to everyone

and permits can be any combination of the following letters:

	v - Permit the subject to view the key's attributes
	r - Permit the subject to read the key's payload
	w - Permit the subject to change the key's payload
	s - Permit the subject to find the key in a search
	l - Permit the subject to create a link to the key
	I - Permit the subject to invalidate the key
	R - Permit the subject to revoke the key
	S - Permit the subject to change the key's security
	j - Permit the subject to join the session keyring
	c - Permit the subject to clear the keyring

For example:

	$ keyctl grant @s own j

will grant the key's owner a permit to join the key as its session keyring,
but will remove all other permits for the owner directly, such as view,
read, etc.

Signed-off-by: David Howells <dhowells@redhat.com>
16 files changed
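
The replace behaviour described in the commit message, modelled as an added example that is not part of the original commit or of keyutils: a grant to a subject drops every permit that subject held and that is not named again. The bit positions, `model_acl`, `model_grant` and `letters` are assumptions for illustration; the page does not give the kernel's values.

```c
#include <stdio.h>
#include <string.h>

/* Model only: bit i stands for LETTERS[i]; these are not the kernel's values. */
static const char LETTERS[] = "vrwslIRSjc";
static const char *const SUBJECTS[] = { "pos", "own", "grp", "all" };
struct model_acl { unsigned mask[4]; };	/* one permit mask per subject */

/* Model "grant <subject> <permits>": the subject's permits are replaced, not
 * merged. Returns the mask of permits lost, or -1 (ACL untouched) on bad input. */
static long model_grant(struct model_acl *acl, const char *subject, const char *permits)
{
	unsigned new_mask = 0;
	for (; *permits; permits++) {
		const char *p = strchr(LETTERS, *permits);
		if (!p)
			return -1;	/* unknown permit letter */
		new_mask |= 1u << (p - LETTERS);
	}
	for (int i = 0; i < 4; i++) {
		if (strcmp(subject, SUBJECTS[i]) != 0)
			continue;
		unsigned lost = acl->mask[i] & ~new_mask;
		acl->mask[i] = new_mask;
		return (long)lost;
	}
	return -1;	/* unknown subject */
}

/* Render a mask as permit letters; buf must hold at least 11 bytes. */
static const char *letters(unsigned mask, char *buf)
{
	size_t n = 0;
	for (size_t i = 0; LETTERS[i]; i++)
		if (mask & (1u << i))
			buf[n++] = LETTERS[i];
	buf[n] = '\0';
	return buf;
}

int main(void)
{
	struct model_acl acl = { { 0 } };
	char buf[11];
	model_grant(&acl, "own", "vrwj");	/* constructed starting permits */
	printf("own loses: %s\n", letters((unsigned)model_grant(&acl, "own", "j"), buf));
	printf("own keeps: %s\n", letters(acl.mask[1], buf));
	return 0;
}
```

Running a planned grant through a model like this first shows which permits a subject would silently lose, which is worth checking before narrowing the owner's permits on a session keyring.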