[PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace
dhowells at redhat.com
Wed Apr 24 22:24:31 UTC 2019
Jann Horn <jannh at google.com> wrote:
> Overall, this looks good to me, apart from some details.
> The user_keyring_register keyring is basically just used like an
> xarray/idr/... that maps from namespaced UIDs to keyrings, right? (Not
> saying it's a bad idea, just want to make sure I understand it
Well, a keyring is a wrapper around an assoc_array object, the keyring search
functions do the access checks and the keys garbage collector does the
cleanup. Also, each UID is mapped to two keyrings.
I'll have a look at applying the rest of your comments tomorrow.
More information about the Linux-security-module-archive