[PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace

David Howells dhowells at redhat.com
Wed Apr 24 22:24:31 UTC 2019

Jann Horn <jannh at google.com> wrote:

> Overall, this looks good to me, apart from some details.
> The user_keyring_register keyring is basically just used like an
> xarray/idr/... that maps from namespaced UIDs to keyrings, right? (Not
> saying it's a bad idea, just want to make sure I understand it
> correctly.)

Well, a keyring is a wrapper around an assoc_array object, the keyring search
functions do the access checks and the keys garbage collector does the
cleanup.  Also, each UID is mapped to two keyrings.

I'll have a look at applying the rest of your comments tomorrow.


More information about the Linux-security-module-archive mailing list