diff options
author | David Howells <dhowells@redhat.com> | 2019-06-26 21:02:32 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2019-06-26 21:02:32 +0100 |
commit | 218e6424e711ceee31eeba93212fed8ee92d6a11 (patch) | |
tree | 62358ec392304d17294f73779a1a13591468de7b /security/keys/keyring.c | |
parent | 3b6e4de05e9ee2e2f94e4a3fe14d945e2418d9a8 (diff) |
keys: Garbage collect keys for which the domain has been removed
If a key operation domain (such as a network namespace) has been removed
then attempt to garbage collect all the keys that use it.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security/keys/keyring.c')
-rw-r--r-- | security/keys/keyring.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 0da8fa282d56..d3c86fda1510 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -241,6 +241,21 @@ bool key_put_tag(struct key_tag *tag) return false; } +/** + * key_remove_domain - Kill off a key domain and gc its keys + * @domain_tag: The domain tag to release. + * + * This marks a domain tag as being dead and releases a ref on it. If that + * wasn't the last reference, the garbage collector is poked to try and delete + * all keys that were in the domain. + */ +void key_remove_domain(struct key_tag *domain_tag) +{ + domain_tag->removed = true; + if (!key_put_tag(domain_tag)) + key_schedule_gc_links(); +} + /* * Build the next index key chunk. * |