On Tue, 2020-05-12 at 23:33 +0100, David Howells wrote:
> Since the meaning of combining the KEY_NEED_* constants is undefined, make
> it so that you can't do that by turning them into an enum.
>
> The enum is also given some extra values to represent special
> circumstances, such as:
>
>  (1) The '0' value is reserved and causes a warning to trap the parameter
>      being unset.
>
>  (2) The key is to be unlinked and we require no permissions on it, only
>      the keyring, (this replaces the KEY_LOOKUP_FOR_UNLINK flag).
>
>  (3) An override due to CAP_SYS_ADMIN.
>
>  (4) An override due to an instantiation token being present.
>
>  (5) The permissions check is being deferred to later key_permission()
>      calls.
>
> The extra values give the opportunity for LSMs to audit these situations.
>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> cc: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
> cc: Paul Moore <paul@xxxxxxxxxxxxxx>
> cc: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> cc: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> cc: keyrings@xxxxxxxxxxxxxxx
> cc: selinux@xxxxxxxxxxxxxxx

So extensive comments already from Stephen and Paul that I'll just wait
for the next version (agree with the idea though).

/Jarkko