Searched refs:keyrings (Results 1 – 14 of 14) sorted by relevance
| /Linux-v6.6/security/integrity/ |
| D | Kconfig | 20 bool "Digital signature verification using multiple keyrings"
26 using multiple keyrings. It defines separate keyrings for each
28 Different keyrings improves search performance, but also allow
30 This is useful for evm and module keyrings, when keys are
46 bool "Require all keys on the integrity keyrings be signed"
52 .evm keyrings be signed by a key on the system trusted
|
| /Linux-v6.6/security/keys/ |
| D | Kconfig | 19 to five standard keyrings: UID-specific, GID-specific, session,
43 bool "Enable register of persistent per-UID keyrings"
46 This option provides a register of persistent per-UID keyrings,
47 primarily aimed at Kerberos key storage. The keyrings are persistent
133 on keys and keyrings on which the caller has View permission.
|
| /Linux-v6.6/Documentation/ABI/testing/ |
| D | ima_policy | 32 [appraise_algos=] [keyrings=]
66 keyrings:= list of keyrings
157 measure func=KEY_CHECK keyrings=.builtin_trusted_keys|.ima
|
| /Linux-v6.6/Documentation/security/keys/ |
| D | core.rst | 26 tokens, keyrings, etc.. These are represented in the kernel by struct key.
140 * Each process subscribes to three keyrings: a thread-specific keyring, a
161 * Each user ID resident in the system holds two special keyrings: a user
172 limits the total number of keys and keyrings, the other limits the total
179 Process-specific and thread-specific keyrings are not counted towards a
186 manipulate keys and keyrings.
192 userspace to request a key that can't be found in a process's keyrings.
222 This permits keyrings to be searched and keys to be found. Searches can
223 only recurse into nested keyrings that have search permission set.
257 The default keyrings associated with users will be labeled with the default
[all …]
|
| D | request-key.rst | 81 2) request_key() searches the process's subscribed keyrings to see if there's
107 This will permit it to then search the keyrings of process A with the
127 This is because process A's keyrings can't simply be attached to
|
| /Linux-v6.6/Documentation/security/ |
| D | credentials.rst | 180 4. Keys and keyrings.
190 of keyrings:
197 cached on one of these keyrings for future accesses to find.
264 4. the reference count on any keyrings it points to may be changed;
266 5. any keyrings it points to may be revoked, expired or have their security
269 6. the contents of any keyrings to which it points may be changed (the whole
270 point of keyrings being a shared set of credentials, modifiable by anyone
282 longer permit attachment to process-specific keyrings in the requesting
295 changed, the keyrings subscribed to may have their contents altered.
|
| /Linux-v6.6/security/integrity/ima/ |
| D | Kconfig | 253 Keys may be added to the IMA or IMA blacklist keyrings, if the
255 secondary trusted keyrings. The key must also have the
261 built-in or secondary trusted keyrings.
264 bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)"
|
| D | ima_policy.c | 122 struct ima_rule_opt_list *keyrings; /* Measure keys added to these keyrings */ member
399 ima_free_rule_opt_list(entry->keyrings); in ima_free_rule()
524 if (!rule->keyrings) in ima_match_rule_data()
527 opt_list = rule->keyrings; in ima_match_rule_data()
1589 entry->keyrings) { in ima_parse_rule()
1594 entry->keyrings = ima_alloc_rule_opt_list(args); in ima_parse_rule()
1595 if (IS_ERR(entry->keyrings)) { in ima_parse_rule()
1596 result = PTR_ERR(entry->keyrings); in ima_parse_rule()
1597 entry->keyrings = NULL; in ima_parse_rule()
2133 ima_show_rule_opt_list(m, entry->keyrings); in ima_policy_show()
|
| /Linux-v6.6/Documentation/networking/ |
| D | dns_resolver.rst | 125 keyrings for a cached DNS result. If that fails to find one, it upcalls to
|
| D | rxrpc.rst | 449 extracted from the calling process's keyrings with request_key() and
|
| /Linux-v6.6/Documentation/crypto/ |
| D | asymmetric-keys.rst | 348 2) Restrict using the kernel builtin and secondary trusted keyrings
353 The kernel builtin and secondary trusted keyrings will be searched for the
|
| /Linux-v6.6/Documentation/core-api/ |
| D | watch_queue.rst | 235 Notifications of this type indicate changes to keys and keyrings, including
|
| /Linux-v6.6/Documentation/filesystems/ |
| D | fscrypt.rst | 821 added is limited by the user's quota for the keyrings service (see
902 Nevertheless, to add a key to one of the process-subscribed keyrings,
941 process-subscribed keyrings mechanism.
1115 process-subscribed keyrings.
|
| /Linux-v6.6/ |
| D | MAINTAINERS | 3166 L: keyrings@vger.kernel.org
4782 L: keyrings@vger.kernel.org
11621 L: keyrings@vger.kernel.org
11632 L: keyrings@vger.kernel.org
11643 L: keyrings@vger.kernel.org
11651 L: keyrings@vger.kernel.org
11659 L: keyrings@vger.kernel.org
11673 L: keyrings@vger.kernel.org
|
