authorDavid Howells <dhowells@redhat.com>2019-08-16 12:52:47 +0100
committerDavid Howells <dhowells@redhat.com>2019-08-19 15:41:03 +0100
commit877a60343810a46d4d2c3b66287211f12f1035d5 (patch)
tree309f4e18ae071747a0e0552703c7ba5c68fb1774
parent93052ad750f2af1cc9b592005cfb95880dc44f4a (diff)
Allow keyctl new_session to name the session keyring
Allow "keyctl new_session" to name the session keyring it creates and attaches to the parent: $ keyctl new_session fred 52095209 Signed-off-by: David Howells <dhowells@redhat.com>
-rw-r--r--keyctl.c6
-rw-r--r--man/keyctl.19
2 files changed, 9 insertions, 6 deletions
diff --git a/keyctl.c b/keyctl.c
index 7f2660e..8fa7420 100644
--- a/keyctl.c
+++ b/keyctl.c
@@ -93,7 +93,7 @@ static const struct command commands[] = {
{ act_keyctl_list, "list", "<keyring>" },
{ act_keyctl_move, "move", "[-f] <key> <from_keyring> <to_keyring>" },
{ act_keyctl_negate, "negate", "<key> <timeout> <keyring>" },
- { act_keyctl_new_session, "new_session", "" },
+ { act_keyctl_new_session, "new_session", "[<name>]" },
{ act_keyctl_newring, "newring", "<name> <keyring>" },
{ act_keyctl_padd, "padd", "<type> <desc> <keyring>" },
{ act_keyctl_pinstantiate, "pinstantiate","<key> <keyring>" },
@@ -1351,10 +1351,10 @@ static void act_keyctl_new_session(int argc, char *argv[])
{
key_serial_t keyring;
- if (argc != 1)
+ if (argc != 1 && argc != 2)
format();
- if (keyctl_join_session_keyring(NULL) < 0)
+ if (keyctl_join_session_keyring(argv[1]) < 0)
error("keyctl_join_session_keyring");
if (keyctl_session_to_parent() < 0)
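Review bot: `keyctl_join_session_keyring(argv[1])` reads `argv[1]` even when `argc == 1`, so the anonymous-keyring case depends on the dispatcher passing the tail of main's NULL-terminated argv, which this hunk does not show; passing `argc == 2 ? argv[1] : NULL` would make the intent explicit. Separately, with a non-NULL name the call attaches to an existing keyring of that name when the caller is permitted to join it, rather than always creating one, so `keyctl new_session fred` may share keys with whatever else already holds that keyring. A comment above the call such as `/* a named join may attach to an existing keyring of that name */`, and a matching sentence in man/keyctl.1, would tell users that a named session is not guaranteed to be fresh. The body of act_keyctl_new_session continues past the end of the hunk.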
diff --git a/man/keyctl.1 b/man/keyctl.1
index d1008ff..dd1f4a5 100644
--- a/man/keyctl.1
+++ b/man/keyctl.1
@@ -69,7 +69,7 @@ keyctl \- key management facility control
.br
\fBkeyctl\fR setperm <key> <mask>
.br
-\fBkeyctl\fR new_session
+\fBkeyctl\fR new_session [<name>]
.br
\fBkeyctl\fR session
.br
@@ -736,10 +736,12 @@ unconfined_u:unconfined_r:unconfined_t:s0\-s0:c0.c1023
.fi
.RE
.SS Give the parent process a new session keyring
-\fBkeyctl new_session\fR
+\fBkeyctl new_session [<name>]\fR
This command is used to give the invoking process (typically a shell) a new
-session keyring, discarding its old session keyring.
+session keyring, discarding its old session keyring. If a name is given, the
+keyring is given that name, otherwise it will be given a name of "_ses" and
+will not be manually joinable.
.RS
.nf
@@ -761,6 +763,7 @@ call, and so may only affect processes with matching credentials.
Furthermore, the change does not take effect till the parent process next
transitions from kernel space to user space - typically when the \fBwait\fP()
system call returns.
+
.SS Remove dead keys from the session keyring tree
\fBkeyctl reap\fR