From: "Michael Kerrisk (man-pages)" <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
lkml <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Eugene Syromyatnikov
<evgsyr-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-man <linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: Revised keyrings(7) man page for review
Date: Tue, 13 Dec 2016 14:52:00 +0100
Message-ID: <a5615075-dd39-e206-cbce-385bed72473f@gmail.com>
In-Reply-To: <26913.1481636296-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>

On 12/13/2016 02:38 PM, David Howells wrote:
> Michael Kerrisk (man-pages) <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>> So, I've updated this piece a couple of times since the draft that you
>> reviewed, and by now it reads:
>>
>> "big_key" (since Linux 3.13)
>> This key type is similar to the "user" key type, but it may
>> hold a payload of up to 1 MiB in size. This key type is
>> useful for tasks such as holding Kerberos ticket caches.
>
> I'm not sure that "tasks" is quite the word I'd use here (it's overloaded).
> Perhaps "purposes"?

Fixed.

>> The payload data may be stored in the swap space rather
>> than in kernel memory if the data size exceeds the overhead
>> of storing the data encrypted in swap space. (A tmpfs file
>> is used, which requires filesystem structures to be allo‐
>> cated in the kernel; The size of these structures deter‐
>> mines the size threshold above which the tmpfs storage
>> method is used.) Since Linux 4.8, payload data is
>> encrypted, to prevent it being written unencrypted into
>> swap space.
>
> I would either drop the first "encrypted" ("storing the data encrypted") since

I already dropped that first "encrypted".

> you mention this later or move it earlier to be after the word "stored" ("may
> be stored encrypted").
>
> Note that with the "Since Linux 4.8 ..." sentence, the encryption is only
> applied if it is stored into tmpfs.

Thanks for that tip.

> Also, the payload isn't directly stored into swapspace, but is rather stored
> into tmpfs, from where it can be swapped. This is important since you can use
> this type of key without any swapspace available to your system.

Yes, the text still needs some work... How about:

"big_key" (since Linux 3.13)
This key type is similar to the "user" key type, but it may
hold a payload of up to 1 MiB in size. This key type is
useful for purposes such as holding Kerberos ticket caches.
The payload data may be stored in a tmpfs filesystem,
rather than in kernel memory, if the data size exceeds the
overhead of storing the data in the filesystem. (Storing
the data in a filesystem requires filesystem structures to
be allocated in the kernel. The size of these structures
determines the size threshold above which the tmpfs storage
method is used.) Since Linux 4.8, the payload data is
encrypted when stored in tmpfs, to prevent it being written
unencrypted into swap space.

?

Thanks,

Michael

--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
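
Added example, not part of the original message or of the man-pages project: a minimal C program that stores a payload in a "big_key" with add_key(2) and reads it back with keyctl(2), enforcing the 1 MiB limit from the draft text above. The description "example:ccache", the test pattern and the helper name big_key_roundtrip are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/keyctl.h>

#define BIG_KEY_MAX (1024 * 1024)  /* 1 MiB payload limit from the man page text */

/* Store len bytes in a "big_key", read them back and compare.
 * Returns 0 on a verified round trip, 1 if this kernel or sandbox does not
 * offer big_key, -1 on any other failure (errno set). */
int big_key_roundtrip(size_t len)
{
    unsigned char *in, *out;
    long id, n;
    int rc = -1;

    if (len == 0 || len > BIG_KEY_MAX) { errno = EINVAL; return -1; }
    in = malloc(len);
    out = calloc(1, len);
    if (!in || !out) { free(in); free(out); errno = ENOMEM; return -1; }
    for (size_t i = 0; i < len; i++)        /* constructed test pattern */
        in[i] = (unsigned char)(i * 31 + 7);

    /* "example:ccache" is a made-up description; the key goes into the
     * process keyring, so it is gone when the process exits. */
    id = syscall(SYS_add_key, "big_key", "example:ccache", in, len,
                 (long)KEY_SPEC_PROCESS_KEYRING);
    if (id < 0) {
        if (errno == ENOSYS || errno == ENODEV || errno == EPERM)
            rc = 1;     /* no keyrings, no big_key type, or syscall filtered */
    } else {
        /* The caller cannot see whether the payload stayed in kernel
         * memory or went to tmpfs; KEYCTL_READ returns it either way. */
        n = syscall(SYS_keyctl, KEYCTL_READ, id, out, len);
        if (n == (long)len && memcmp(in, out, len) == 0)
            rc = 0;
        syscall(SYS_keyctl, KEYCTL_UNLINK, id, (long)KEY_SPEC_PROCESS_KEYRING);
    }
    free(in);
    free(out);
    return rc;
}

int main(void)
{
    return big_key_roundtrip(64 * 1024) < 0;  /* exit 0 unless a real failure */
}
```

The size check runs before the system call, so oversized payloads are rejected the same way on every kernel.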