From: Christophe Saout <christophe@saout.de>
To: Matt Mackall <mpm@selenic.com>
Cc: linux-kernel <linux-kernel@vger.kernel.org>,
Clemens Fruhwirth <clemens@endorphin.org>,
dm-crypt@saout.de, Alasdair G Kergon <agk@redhat.com>
Subject: Re: dm-crypt crypt_status reports key?
Date: Thu, 03 Feb 2005 03:34:29 +0100
Message-ID: <1107398069.11826.16.camel@server.cs.pocnet.net>
In-Reply-To: <20050203015236.GO2493@waste.org>
On Wednesday, 02.02.2005, 17:52 -0800, Matt Mackall wrote:
> > An alternative would be to use some form of handle to point to the key
> > after it has been given to the kernel. But that would require some more
> > infrastructure.
>
> There's been some talk about such infrastructure already. I believe
> some pieces of it may already be in place.
Yes, you are right. I didn't follow the discussion but it actually looks
very promising. The keys in the infrastructure are reference-counted.
That's good.
The keyrings can be attached to either threads, processes, sessions or
users.
It seems that it's possible to have floating keys (not attached to any
keyring). So we would just need to figure out how to use these keyrings
to allow communication with userspace applications. Process keyrings
seem to have the advantage that the keyring is dropped when it exits so
that all keys that are not in use by the kernel are also dropped. A
keyring for the root user would have the problem that if the cryptsetup
application aborts in the middle you would end up with old keys lying
around forever.
The keyring API seems very flexible. You can define your own type of
keys and give them names. Well, the name is probably irrelevant here and
should be chosen randomly but it's less likely to collide with someone
else.
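As an added illustration of the keyring behaviour discussed in this message (example code, not from this thread or from dm-crypt), the C program below stores a constructed sample key in a child's process keyring through the raw add_key/keyctl syscalls, reads it back by its serial, and shows that once the child has exited the parent cannot recover the payload through that handle. The "user" key type, the description "dm-crypt-demo" and the sample payload are assumptions made for the demo.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/keyctl.h>

struct demo_result { long child_id; long parent_read; };
/* Raw syscall wrappers returning -errno on failure (no libkeyutils needed). */
static long add_user_key(const char *desc, const void *p, size_t n, int ring)
{
    long r = syscall(SYS_add_key, "user", desc, p, n, ring);
    return r < 0 ? -errno : r;
}
static long read_key(int id, void *buf, size_t n)
{
    long r = syscall(SYS_keyctl, KEYCTL_READ, id, buf, n, 0);
    return r < 0 ? -errno : r;
}

/* Child: store a constructed 16-byte sample key in its own process keyring,
 * check it reads back through the serial, and pass only that serial upward. */
static long child_store(void)
{
    static const unsigned char sample[16] = "constructed-key";   /* constructed payload */
    unsigned char back[16];
    long id = add_user_key("dm-crypt-demo", sample, 16, KEY_SPEC_PROCESS_KEYRING);
    if (id < 0) return id;          /* -EPERM or -ENOSYS where keyrings are unavailable */
    if (read_key((int)id, back, 16) != 16 || memcmp(back, sample, 16) != 0) return -EIO;
    return id;
}

/* Parent: the child's process keyring went away with the child and the parent
 * never possessed the key, so reading the payload through the handle fails. */
struct demo_result run_demo(void)
{
    struct demo_result res = { -ECHILD, 0 };
    unsigned char scratch[16];
    int fd[2];
    if (pipe(fd) != 0) return res;
    pid_t pid = fork();
    if (pid == 0) { long id = child_store(); _exit(write(fd[1], &id, sizeof id) == (ssize_t)sizeof id ? 0 : 1); }
    close(fd[1]);
    if (pid < 0 || read(fd[0], &res.child_id, sizeof res.child_id) != (ssize_t)sizeof res.child_id)
        res.child_id = -EIO;
    close(fd[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    if (res.child_id > 0) res.parent_read = read_key((int)res.child_id, scratch, sizeof scratch);
    return res;
}
```

Where the kernel has no keyring support or a sandbox filters these syscalls, child_id carries -ENOSYS or -EPERM instead of a serial, and parent_read stays 0.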