[RFC] Keyrings: How to make them more useful
Mimi Zohar
zohar at linux.ibm.com
Mon Jun 16 20:30:05 UTC 2025
On Thu, 2025-06-12 at 13:36 +0100, David Howells wrote:
[ ...]
> (4) I think the keyring ACLs idea need to be revived. We have a whole bunch
> of different keyrings, each with a specific 'domain' of usage for the
> keys contained therein for checking signatures on things. Can we reduce
> this to one keyring and use ACLs to declare the specific purposes for
> which a key may be used or the specific tasks that may use it? Use
> special subject IDs (ie. not simply UIDs/GIDs) to mark this.
David, which keyrings are you referring to? What do you mean by 'domain' of
usage? At what level of granularity are you thinking of? This needs to be
describe in more detail.
thanks,
Mimi
More information about the Linux-security-module-archive
mailing list