44 lines
1.8 KiB
Plaintext
44 lines
1.8 KiB
Plaintext
|
###############################################################################
|
||
|
#
|
||
|
# Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
|
||
|
# Written by David Howells (dhowells@redhat.com)
|
||
|
#
|
||
|
# This program is free software; you can redistribute it and/or
|
||
|
# modify it under the terms of the GNU General Public License
|
||
|
# as published by the Free Software Foundation; either version
|
||
|
# 2 of the License, or (at your option) any later version.
|
||
|
#
|
||
|
###############################################################################
|
||
|
|
||
|
|
||
|
###############################################################################
|
||
|
#
|
||
|
# We can run programs or scripts
|
||
|
# - Macro substitutions in arguments:
|
||
|
# %%... %...
|
||
|
# %o operation name
|
||
|
# %k ID of key being operated upon
|
||
|
# %t type of key being operated upon
|
||
|
# %d description of key being operated upon
|
||
|
# %c callout info
|
||
|
# %u UID of requestor
|
||
|
# %g GID of requestor
|
||
|
# %T thread keyring of requestor (may be 0)
|
||
|
# %P process keyring of requestor (may be 0)
|
||
|
# %S session keyring of requestor (may be the user's default session)
|
||
|
#
|
||
|
################################################################################
|
||
|
|
||
|
#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ...
|
||
|
#====== ======= =============== =============== ===============================
|
||
|
create dns_resolver * * /sbin/key.dns_resolver %k
|
||
|
create user debug:* negate /bin/keyctl negate %k 30 %S
|
||
|
create user debug:* rejected /bin/keyctl reject %k 30 %c %S
|
||
|
create user debug:* expired /bin/keyctl reject %k 30 %c %S
|
||
|
create user debug:* revoked /bin/keyctl reject %k 30 %c %S
|
||
|
create user debug:loop:* * |/bin/cat
|
||
|
create user debug:* * /usr/share/keyutils/request-key-debug.sh %k %d %c %S
|
||
|
negate * * * /bin/keyctl negate %k 30 %S
|
||
|
# NFS idmap resolver
|
||
|
create id_resolver * * /usr/sbin/nfsidmap %k %d
|