From: David Howells <dhowells@redhat.com>
To: Jann Horn <jannh@google.com>
Cc: dhowells@redhat.com, "Eric W. Biederman" <ebiederm@xmission.com>,
keyrings@vger.kernel.org,
linux-security-module <linux-security-module@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
kernel list <linux-kernel@vger.kernel.org>,
dwalsh@redhat.com, vgoyal@redhat.com
Subject: Re: [PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace
Date: Wed, 24 Apr 2019 23:24:31 +0100 [thread overview]
Message-ID: <3753.1556144671@warthog.procyon.org.uk> (raw)
In-Reply-To: <CAG48ez23c1eiEJpBwkV183sesj6EDWoMsEh40GDXQkS1W2_nMA@mail.gmail.com>
Jann Horn <jannh@google.com> wrote:
> Overall, this looks good to me, apart from some details.
>
> The user_keyring_register keyring is basically just used like an
> xarray/idr/... that maps from namespaced UIDs to keyrings, right? (Not
> saying it's a bad idea, just want to make sure I understand it
> correctly.)
Well, a keyring is a wrapper around an assoc_array object, the keyring search
functions do the access checks and the keys garbage collector does the
cleanup. Also, each UID is mapped to two keyrings.
I'll have a look at applying the rest of your comments tomorrow.
Thanks,
David
next prev parent reply other threads:[~2019-04-24 22:24 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-24 16:13 [PATCH 00/11] keys: Namespacing David Howells
2019-04-24 16:13 ` [PATCH 01/11] keys: Invalidate used request_key authentication keys David Howells
2019-04-24 16:13 ` [PATCH 02/11] keys: Kill off request_key_async{,_with_auxdata} David Howells
2019-04-24 16:13 ` [PATCH 03/11] keys: Simplify key description management David Howells
2019-04-24 16:14 ` [PATCH 04/11] keys: Cache the hash value to avoid lots of recalculation David Howells
2019-04-24 16:14 ` [PATCH 05/11] keys: Add a 'recurse' flag for keyring searches David Howells
2019-04-25 4:27 ` Andrew Zaborowski
2019-04-25 11:02 ` David Howells
2019-04-24 16:14 ` [PATCH 06/11] keys: Namespace keyring names David Howells
2019-04-24 16:14 ` [PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace David Howells
2019-04-24 22:03 ` Jann Horn
2019-04-24 22:24 ` David Howells [this message]
2019-04-25 11:38 ` David Howells
2019-04-24 16:14 ` [PATCH 08/11] keys: Include target namespace in match criteria David Howells
2019-04-24 16:14 ` [PATCH 09/11] keys: Garbage collect keys for which the domain has been removed David Howells
2019-04-24 16:14 ` [PATCH 10/11] keys: Network namespace domain tag David Howells
2019-04-24 21:54 ` David Howells
2019-04-24 16:15 ` [PATCH 11/11] keys: Pass the network namespace into request_key mechanism David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3753.1556144671@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=dwalsh@redhat.com \
--cc=ebiederm@xmission.com \
--cc=jannh@google.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox