From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S266175AbUHGAcO (ORCPT ); Fri, 6 Aug 2004 20:32:14 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org
	id S266203AbUHGAcO (ORCPT ); Fri, 6 Aug 2004 20:32:14 -0400
Received: from mx1.redhat.com ([66.187.233.31]:58256 "EHLO mx1.redhat.com")
	by vger.kernel.org with ESMTP id S266175AbUHGAcL (ORCPT );
	Fri, 6 Aug 2004 20:32:11 -0400
From: David Howells
To: torvalds@osdl.org, akpm@osdl.org
cc: linux-kernel@vger.kernel.org, arjanv@redhat.com, dwmw2@infradead.org,
	jmorris@redhat.com, greg@kroah.com, Chris Wright, sfrench@samba.org,
	mike@halcrow.us, Trond Myklebust, Kyle Moffett
Subject: [PATCH] implement in-kernel keys & keyring management
User-Agent: EMH/1.14.1 SEMI/1.14.5 (Awara-Onsen) FLIM/1.14.5 (Demachiyanagi)
	APEL/10.6 Emacs/21.3 (i386-redhat-linux-gnu) MULE/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen")
Content-Type: text/plain; charset=US-ASCII
Date: Sat, 07 Aug 2004 01:31:45 +0100
Message-ID: <6453.1091838705@redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Linus, Andrew,

I've made available a patch that does a better job of key and keyring
management for authentication, cryptography, etc.. I've added a good bit of
documentation and I've commented the code more thoroughly.

The patch can be found at:

	http://people.redhat.com/~dhowells/keys/keys-268rc2.diff.bz2

Signed-Off-By: David Howells

The documentation is patched into Documentation/keys.txt.

The feature set the patch includes:

 - Key attributes:
   - Key type
   - Description (by which a key of a particular type can be selected)
   - Payload
   - UID, GID and permissions mask
   - Expiry time
 - Keyrings (just a type of key that holds links to other keys)
 - User-defined keys
 - Key revocation
 - Access controls
 - Per user key-count and key-memory consumption quota
 - Three std keyrings per task: per-thread, per-process, session
 - Two std keyrings per user: per-user and default-user-session
 - prctl() functions for key and keyring creation and management
 - Kernel interfaces for filesystem, blockdev, net stack access
 - JIT key creation by usermode helper

There are also two utility programs available:

 (*) http://people.redhat.com/~dhowells/keys/keyctl.c

     A comprehensive key management tool, permitting all the interfaces
     available to userspace to be exercised.

 (*) http://people.redhat.com/~dhowells/keys/request-key

     An example shell script (to be installed in /sbin) for instantiating a
     key.

David