keys: update the documentation with info about "logon" keys

Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Jeff Layton <jlayton@redhat.com>

keys: update the documentation with info about "logon" keys
Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Jeff Layton <jlayton@redhat.com>
a05a4830 · Jeff Layton · af3a3ab2 · a05a4830
Commit a05a4830 authored Apr 25, 2012 by Jeff Layton
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 1 deletion

Documentation/security/keys.txt Documentation/security/keys.txt +13 -1

No files found.
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW

 The key service provides a number of features besides keys:

- (*) The key service defines two special key types:
+ (*) The key service defines three special key types:

     (+) "keyring"

@@ -137,6 +137,18 @@ The key service provides a number of features besides keys:
 	 blobs of data. These can be created, updated and read by userspace,
 	 and aren't intended for use by kernel services.

+     (+) "logon"
+
+	 Like a "user" key, a "logon" key has a payload that is an arbitrary
+	 blob of data. It is intended as a place to store secrets which are
+	 accessible to the kernel but not to userspace programs.
+
+	 The description can be arbitrary, but must be prefixed with a non-zero
+	 length string that describes the key "subclass". The subclass is
+	 separated from the rest of the description by a ':'. "logon" keys can
+	 be created and updated from userspace, but the payload is only
+	 readable from kernel space.
+
 (*) Each process subscribes to three keyrings: a thread-specific keyring, a
     process-specific keyring, and a session-specific keyring.