Searched refs:keyrings (Results 1 – 14 of 14) sorted by relevance
| /Linux-v5.10/security/integrity/ |
| D | Kconfig | 20 bool "Digital signature verification using multiple keyrings"
26 using multiple keyrings. It defines separate keyrings for each
28 Different keyrings improves search performance, but also allow
30 This is useful for evm and module keyrings, when keys are
46 bool "Require all keys on the integrity keyrings be signed"
52 .evm keyrings be signed by a key on the system trusted
|
| /Linux-v5.10/Documentation/ABI/testing/ |
| D | ima_policy | 30 [appraise_flag=] [keyrings=]
49 keyrings:= list of keyrings
133 measure func=KEY_CHECK keyrings=.builtin_trusted_keys|.ima
|
| /Linux-v5.10/security/keys/ |
| D | Kconfig | 19 to five standard keyrings: UID-specific, GID-specific, session,
43 bool "Enable register of persistent per-UID keyrings"
46 This option provides a register of persistent per-UID keyrings,
47 primarily aimed at Kerberos key storage. The keyrings are persistent
123 and keyrings on which the caller has View permission. This makes use
|
| /Linux-v5.10/security/integrity/ima/ |
| D | ima_policy.c | 87 struct ima_rule_opt_list *keyrings; /* Measure keys added to these keyrings */ member
347 ima_free_rule_opt_list(entry->keyrings); in ima_free_rule()
472 if (!rule->keyrings) in ima_match_keyring()
478 for (i = 0; i < rule->keyrings->count; i++) { in ima_match_keyring()
479 if (!strcmp(rule->keyrings->items[i], keyring)) { in ima_match_keyring()
1297 entry->keyrings) { in ima_parse_rule()
1302 entry->keyrings = ima_alloc_rule_opt_list(args); in ima_parse_rule()
1303 if (IS_ERR(entry->keyrings)) { in ima_parse_rule()
1304 result = PTR_ERR(entry->keyrings); in ima_parse_rule()
1305 entry->keyrings = NULL; in ima_parse_rule()
[all …]
|
| D | Kconfig | 274 Keys may be added to the IMA or IMA blacklist keyrings, if the
276 secondary trusted keyrings.
281 built-in or secondary trusted keyrings.
284 bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)"
|
| /Linux-v5.10/Documentation/security/keys/ |
| D | core.rst | 26 tokens, keyrings, etc.. These are represented in the kernel by struct key.
140 * Each process subscribes to three keyrings: a thread-specific keyring, a
161 * Each user ID resident in the system holds two special keyrings: a user
172 limits the total number of keys and keyrings, the other limits the total
179 Process-specific and thread-specific keyrings are not counted towards a
186 manipulate keys and keyrings.
192 userspace to request a key that can't be found in a process's keyrings.
222 This permits keyrings to be searched and keys to be found. Searches can
223 only recurse into nested keyrings that have search permission set.
257 The default keyrings associated with users will be labeled with the default
[all …]
|
| D | request-key.rst | 81 2) request_key() searches the process's subscribed keyrings to see if there's
107 This will permit it to then search the keyrings of process A with the
127 This is because process A's keyrings can't simply be attached to
|
| /Linux-v5.10/Documentation/security/ |
| D | credentials.rst | 180 4. Keys and keyrings.
190 of keyrings:
197 cached on one of these keyrings for future accesses to find.
264 4. the reference count on any keyrings it points to may be changed;
266 5. any keyrings it points to may be revoked, expired or have their security
269 6. the contents of any keyrings to which it points may be changed (the whole
270 point of keyrings being a shared set of credentials, modifiable by anyone
282 longer permit attachment to process-specific keyrings in the requesting
295 changed, the keyrings subscribed to may have their contents altered.
|
| /Linux-v5.10/Documentation/networking/ |
| D | dns_resolver.rst | 125 keyrings for a cached DNS result. If that fails to find one, it upcalls to
|
| D | rxrpc.rst | 449 extracted from the calling process's keyrings with request_key() and
|
| /Linux-v5.10/Documentation/crypto/ |
| D | asymmetric-keys.rst | 348 2) Restrict using the kernel builtin and secondary trusted keyrings
353 The kernel builtin and secondary trusted keyrings will be searched for the
|
| /Linux-v5.10/Documentation/ |
| D | watch_queue.rst | 235 Notifications of this type indicate changes to keys and keyrings, including
|
| /Linux-v5.10/Documentation/filesystems/ |
| D | fscrypt.rst | 728 added is limited by the user's quota for the keyrings service (see
809 Nevertheless, to add a key to one of the process-subscribed keyrings,
848 process-subscribed keyrings mechanism.
1022 process-subscribed keyrings.
|
| /Linux-v5.10/ |
| D | MAINTAINERS | 2853 L: keyrings@vger.kernel.org
4100 L: keyrings@vger.kernel.org
9716 L: keyrings@vger.kernel.org
9727 L: keyrings@vger.kernel.org
9737 L: keyrings@vger.kernel.org
|
