From mboxrd@z Thu Jan 1 00:00:00 1970
From: freeman.zhang1992@gmail.com (Freeman Zhang)
Date: Thu, 03 Jul 2014 17:12:15 +0800
Subject: How to use keyring in the kernel?
Message-ID: <53B51E6F.8040404@gmail.com>
To: kernelnewbies@lists.kernelnewbies.org
List-Id: kernelnewbies.lists.kernelnewbies.org

Hi List!

Recently I wanted to play with the kernel keyring facilities, but I found out that only a few programs, like eCryptfs, use the kernel keyring.

I read the documents. They said:

  The key service defines two special key types:

  (+) "keyring"

      Keyrings are special keys that contain a list of other keys. Keyring lists can be modified using various system calls. Keyrings should not be given a payload when created.

  (+) "user"

      A key of this type has a description and a payload that are arbitrary blobs of data. These can be created, updated and read by userspace, and aren't intended for use by kernel services.

Does it mean we keep the keyring in the kernel only for userspace programs to use? How can this strategy ensure security?

And most importantly, what if someone needs to manipulate (create, update and read) keys (not keyrings) in kernel services, while the "user" key type "aren't intended" for that?

All the best!
Freeman
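As an added illustration of the userspace side of what the quoted documentation describes (example code, not from the mail or from the kernel's own sources): a "user" key is created with add_key(2) on the session keyring, its permission mask is tightened with KEYCTL_SETPERM so that only the possessor and the owning uid can read it, the payload is read back with KEYCTL_READ, and the key is unlinked again. It assumes Linux and uses raw syscalls so no keyutils library is needed; the KEYCTL_* and KEY_SPEC_* values come from <linux/keyctl.h> and the permission bits from the kernel's include/linux/key.h.

```c
/* Added example (not from the mail): round-trip a "user" key through the
 * kernel keyring with raw syscalls. Assumes Linux; constants mirror
 * <linux/keyctl.h> and the kernel's include/linux/key.h. */
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
typedef int32_t key_serial_t;
#define KEY_SPEC_SESSION_KEYRING (-3)
#define KEYCTL_SETPERM 5
#define KEYCTL_UNLINK  9
#define KEYCTL_READ    11
/* Permission mask: possessor gets all rights, owner may view/read, others none. */
#define KEY_POS_ALL   0x3f000000
#define KEY_USR_VIEW  0x00010000
#define KEY_USR_READ  0x00020000

/* Store payload in a "user" key named desc on the session keyring, restrict its
 * permissions, read it back into out, then unlink it. Returns the payload
 * length, or -1 with errno set (EPERM when a seccomp policy blocks add_key). */
long user_key_roundtrip(const char *desc, const char *payload,
                        char *out, size_t outlen)
{
    int saved;
    long n;
    key_serial_t key = (key_serial_t)syscall(SYS_add_key, "user", desc, payload,
                                            strlen(payload), KEY_SPEC_SESSION_KEYRING);
    if (key < 0)
        return -1;
    /* The payload now lives in kernel memory, not in this process's address
     * space; the permission mask decides who may read it back. */
    if (syscall(SYS_keyctl, KEYCTL_SETPERM, key,
                KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ) < 0)
        goto fail;
    n = syscall(SYS_keyctl, KEYCTL_READ, key, out, outlen);
    if (n < 0)
        goto fail;
    if ((size_t)n > outlen) {   /* payload larger than out: it was truncated */
        errno = ENOBUFS;
        goto fail;
    }
    syscall(SYS_keyctl, KEYCTL_UNLINK, key, KEY_SPEC_SESSION_KEYRING);
    return n;
fail:
    saved = errno;
    syscall(SYS_keyctl, KEYCTL_UNLINK, key, KEY_SPEC_SESSION_KEYRING);
    errno = saved;
    return -1;
}
```

Inside a container whose seccomp profile denies add_key/keyctl the first call fails with EPERM, which is the access control doing its job rather than a bug in the code.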