On Tue, 2020-05-12 at 23:33 +0100, David Howells wrote:
> Since the meaning of combining the KEY_NEED_* constants is undefined, make
> it so that you can't do that by turning them into an enum.
>
> The enum is also given some extra values to represent special
> circumstances, such as:
>
>  (1) The '0' value is reserved and causes a warning to trap the parameter
>      being unset.
>
>  (2) The key is to be unlinked and we require no permissions on it, only
>      the keyring, (this replaces the KEY_LOOKUP_FOR_UNLINK flag).
>
>  (3) An override due to CAP_SYS_ADMIN.
>
>  (4) An override due to an instantiation token being present.
>
>  (5) The permissions check is being deferred to later key_permission()
>      calls.
>
> The extra values give the opportunity for LSMs to audit these situations.
>
> Signed-off-by: David Howells <dhowe...@redhat.com>
> cc: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
> cc: Paul Moore <p...@paul-moore.com>
> cc: Stephen Smalley <stephen.smalley.w...@gmail.com>
> cc: Casey Schaufler <ca...@schaufler-ca.com>
> cc: keyri...@vger.kernel.org
> cc: seli...@vger.kernel.org
So extensive comments already from Stephen and Paul that I'll just wait for the next version (agree with the idea though).

/Jarkko
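The scheme the quoted message describes, as an added user-space illustration that is not the kernel's code and not part of this thread: a permission request is one enum value rather than OR-able flag bits, the reserved 0 value is trapped and fails closed, and the special cases (unlink, CAP_SYS_ADMIN override, instantiation-token override, deferred check) are recorded so an LSM-style observer can audit them. All identifiers below (NEED_*, PERM_*, struct audit_rec, check_key_permission) are hypothetical stand-ins modelled on the KEY_NEED_* names in the message, not the real enum or its values.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical request values modelled on KEY_NEED_*.  They are ordinal
 * enumerators, not bits, so there is no meaningful way to OR two of them. */
enum need_perm {
	NEED_UNSPECIFIED = 0,    /* reserved: caller forgot to set the parameter */
	NEED_VIEW,
	NEED_READ,
	NEED_WRITE,
	NEED_SEARCH,
	NEED_LINK,
	NEED_SETATTR,
	NEED_UNLINK,             /* only the keyring's permission matters */
	NEED_SYSADMIN_OVERRIDE,  /* override due to CAP_SYS_ADMIN */
	NEED_AUTHTOKEN_OVERRIDE, /* override due to an instantiation token */
	NEED_DEFER_PERM_CHECK,   /* checked by a later key_permission() call */
	NEED__MAX                /* sentinel, not a valid request */
};

/* Permission bits a key carries (hypothetical layout). */
#define PERM_VIEW    0x01u
#define PERM_READ    0x02u
#define PERM_WRITE   0x04u
#define PERM_SEARCH  0x08u
#define PERM_LINK    0x10u
#define PERM_SETATTR 0x20u

/* What an auditing hook gets to see: the exact reason for the decision,
 * including the special cases that flag bits could not express. */
struct audit_rec {
	enum need_perm need;
	int result;
	int special;   /* 1 when an unlink/override/deferral path was taken */
};

/* Decide whether a key whose permission mask is key_perm satisfies 'need'.
 * Returns 0 on success, -EACCES on denial, -EINVAL for an unset or
 * out-of-range request.  rec is filled in for every decision. */
int check_key_permission(unsigned key_perm, enum need_perm need,
			 struct audit_rec *rec)
{
	unsigned want = 0;
	int ret = 0;

	rec->need = need;
	rec->special = 0;

	switch (need) {
	case NEED_UNSPECIFIED:
		/* Models the reserved-0 trap: complain loudly and fail closed. */
		fprintf(stderr, "warning: permission request left unset\n");
		ret = -EINVAL;
		break;
	case NEED_VIEW:    want = PERM_VIEW;    break;
	case NEED_READ:    want = PERM_READ;    break;
	case NEED_WRITE:   want = PERM_WRITE;   break;
	case NEED_SEARCH:  want = PERM_SEARCH;  break;
	case NEED_LINK:    want = PERM_LINK;    break;
	case NEED_SETATTR: want = PERM_SETATTR; break;
	case NEED_UNLINK:
	case NEED_SYSADMIN_OVERRIDE:
	case NEED_AUTHTOKEN_OVERRIDE:
	case NEED_DEFER_PERM_CHECK:
		/* No bit on this key is required, but the reason is recorded
		 * so the special circumstance is visible to an auditor. */
		rec->special = 1;
		break;
	default:
		/* Any value outside the enumerators is not a request at all. */
		ret = -EINVAL;
		break;
	}

	if (ret == 0 && want != 0 && (key_perm & want) != want)
		ret = -EACCES;

	rec->result = ret;
	return ret;
}
```

The point of the enum over flag bits is visible in the switch: every request resolves to exactly one case, an unset parameter cannot silently pass as "no permission needed", and the override and deferral paths leave a distinct record instead of being indistinguishable from an ordinary grant.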