[Keyrings] [PATCH] Keys: Permit running process to instantiate
keys
Trond Myklebust
trond.myklebust at fys.uio.no
Tue Nov 22 13:59:59 EST 2005
On Tue, 2005-11-22 at 18:52 +0000, David Howells wrote:
> Rather than looking specifically at the session keyring, it might be worth
> looking at current->jit_keyring and choosing the keyring based on that (set by
> KEYCTL_SET_REQKEY_KEYRING).
OK.
> The keyring serial number could then be returned through the ->read() call.
Agreed. That could simply be appended to the upcall data.
> Whilst key_link() is exported, it might be wise to have an alternate function
> that invokes LSM, thus allowing that to deny a process access.
>
> Should I also export call_sbin_request_key() so that you can fall back to that
> if the RPC mechanism hasn't been set up at the time of requesting?
Yes. I think that might be useful for the case when we're bootstrapping
an nfsroot setup.
Cheers,
Trond
More information about the Keyrings
mailing list