• David Howells's avatar
    KEYS: Add garbage collection for dead, revoked and expired keys. [try #6] · 5d135440
    David Howells authored
    Add garbage collection for dead, revoked and expired keys.  This involved
    erasing all links to such keys from keyrings that point to them.  At that
    point, the key will be deleted in the normal manner.
    
    Keyrings from which garbage collection occurs are shrunk and their quota
    consumption reduced as appropriate.
    
    Dead keys (for which the key type has been removed) will be garbage collected
    immediately.
    
    Revoked and expired keys will hang around for a number of seconds, as set in
    /proc/sys/kernel/keys/gc_delay before being automatically removed.  The default
    is 5 minutes.
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    5d135440
keyctl.c 30.3 KB