Documentation
Overview
Package security manages:
- Cache clearing (cache.go)
- Keyring Operations (keyring.go)
- Privilege manipulation (privileges.go)
- Maintaining the link between the root and user keyrings.
Index
- Constants
- Variables
- func DropFilesystemCache() error
- func FindKey(description string, target *user.User) (int, error)
- func InsertKey(data []byte, description string, target *user.User) error
- func RemoveKey(description string, target *user.User) error
- func SetThreadPrivileges(target *user.User) error
- func UserKeyringID(target *user.User, checkSession bool) (int, error)
Constants
const KeyType = "logon"
KeyType is always logon as required by filesystem encryption.
Variables
var (
	ErrKeySearch         = errors.New("could not find key with descriptor")
	ErrKeyRemove         = util.SystemError("could not remove key from the keyring")
	ErrKeyInsert         = util.SystemError("could not insert key into the keyring")
	ErrSessionUserKeying = errors.New("user keyring not linked into session keyring")
	ErrAccessUserKeyring = errors.New("could not access user keyring")
	ErrLinkUserKeyring   = util.SystemError("could not link user keyring into root keyring")
)
Keyring related error values
Functions
func DropFilesystemCache (added in v0.2.2)
func DropFilesystemCache() error
DropFilesystemCache instructs the kernel to free the reclaimable inodes and dentries. As a result, encrypted directories whose keys are not present are no longer accessible. Requires root privileges.
func FindKey
FindKey tries to locate a key in the kernel keyring with the provided description. The key ID is returned if we can find the key. An error is returned if the key does not exist.
func InsertKey
InsertKey puts the provided data into the kernel keyring with the provided description.
func RemoveKey
RemoveKey tries to remove a policy key from the kernel keyring with the provided description. An error is returned if the key does not exist.
func SetThreadPrivileges (added in v0.2.1)
SetThreadPrivileges temporarily drops the privileges of the current thread to have the effective uid/gid of the target user. The privileges can be changed again with another call to SetThreadPrivileges.
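The following added example (not code from this package) uses a simplified model of thread credentials to show why changing only the effective uid/gid is reversible, and why the gid has to be changed while the effective uid is still 0. The creds type, its methods, errPerm and switchEffective are hypothetical names, and the permission rule is a simplification of the kernel's setresuid/setresgid checks.

```go
package main

import (
	"errors"
	"fmt"
)

// creds is a simplified, constructed model of one thread's Linux credentials.
type creds struct{ ruid, euid, suid, rgid, egid, sgid int }
var errPerm = errors.New("EPERM")

// setEUID mimics setresuid(-1, id, -1): allowed when the effective uid is 0,
// or when id already is the thread's real, effective or saved uid.
func (c *creds) setEUID(id int) error {
	if c.euid != 0 && id != c.ruid && id != c.euid && id != c.suid {
		return errPerm
	}
	c.euid = id
	return nil
}

// setEGID mimics setresgid(-1, id, -1) under the same rule.
func (c *creds) setEGID(id int) error {
	if c.euid != 0 && id != c.rgid && id != c.egid && id != c.sgid {
		return errPerm
	}
	c.egid = id
	return nil
}

// switchEffective changes only the effective ids, so the untouched real and
// saved ids permit a later switch back. Uid 0 is taken back first and given
// up last, so the gid change always runs with the most privilege available.
func switchEffective(c *creds, uid, gid int) error {
	if uid == 0 {
		if err := c.setEUID(uid); err != nil {
			return err
		}
	}
	if err := c.setEGID(gid); err != nil {
		return err
	}
	return c.setEUID(uid)
}

func main() {
	c := &creds{} // constructed: a root thread, every id is 0
	fmt.Println(switchEffective(c, 1000, 1000), *c)
	fmt.Println(switchEffective(c, 0, 0), *c)
}
```

In real code the switch only affects the calling thread if the goroutine is pinned with runtime.LockOSThread for as long as the changed credentials are in effect.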
func UserKeyringID (added in v0.2.1)
UserKeyringID returns the key id of the target user's user keyring. We also ensure that the keyring will be accessible by linking it into the process keyring and linking it into the root user keyring (permissions allowing). If checkSession is true, an error is returned if a normal user requests their user keyring, but it is not in the current session keyring.
Types
This section is empty.