From: David Howells
To: Linus Torvalds
Cc: James Morris, akpm@osdl.org, linux-kernel@vger.kernel.org, arjanv@redhat.com, dwmw2@infradead.org, greg@kroah.com, Chris Wright, sfrench@samba.org, mike@halcrow.us, Trond Myklebust, Kyle Moffett
Subject: Re: [PATCH] implement in-kernel keys & keyring management
Date: Mon, 09 Aug 2004 10:45:58 +0100
Message-ID: <16109.1092044758@redhat.com>

Linus Torvalds wrote:

> If you want to use netlink, do so. But do it from the /sbin/request-key
> script or binary.

I've rewritten my example request-key program to get a key holding the real key creation program from a key in the user's session key, so that, say, a desktop such as KDE could supply a GUI front end.

	http://people.redhat.com/~dhowells/keys/request-key.c
	http://people.redhat.com/~dhowells/keys/request-key-dhowells.sh

So as me, I can do:

	keyctl add user request-key:create /tmp/request-key-dhowells.sh @s

And then:

	keyctl request user metal:copper

And the request-key program will change to my UID/GID, look around for a key telling it which program to run, and then run my default script.

David
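The "change to my UID/GID, then run the program" step from the message above, shown in C as an added example; it is not the request-key.c linked in the message and not code from this thread. It assumes the program path has already been read from the `request-key:create` key (the key lookup is left out), and `drop_to_user` and `run_as_user` are hypothetical names.

```c
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently become uid/gid. Order matters: supplementary groups, then GID,
 * then UID, because after the UID drop the process can no longer change groups. */
static int drop_to_user(uid_t uid, gid_t gid)
{
    /* Leaving root: discard root's supplementary groups (a fuller version
     * would load the target user's groups with initgroups()). */
    if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0)      /* regaining root must fail */
        return -1;
    return 0;
}

/* Run prog as uid/gid. Returns its exit status, 126 if the privilege drop
 * failed, 127 if exec failed, -1 on fork/wait error. */
int run_as_user(uid_t uid, gid_t gid, const char *prog)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_to_user(uid, gid) != 0)
            _exit(126);                  /* never exec with leftover privilege */
        execl(prog, prog, (char *)NULL);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("exit status: %d\n", run_as_user(getuid(), getgid(), "/bin/true"));
    return 0;
}
```

The drop happens in the child before `execl`, so a path taken from a user-writable key is only ever executed with that user's own credentials.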