* How to use keyring in the kernel?
From: Freeman Zhang @ 2014-07-03  9:12 UTC (permalink / raw)
  To: kernelnewbies

Hi List!

Recently I wanted to play with the kernel keyring facilities, but
I found out that only a few programs like eCryptfs use the
kernel keyring. I read the documentation. It said:

The key service defines two special key types:

(+) "keyring"

Keyrings are special keys that contain a list of other keys. Keyring
lists can be modified using various system calls. Keyrings should not
be given a payload when created.

(+) "user"

A key of this type has a description and a payload that are arbitrary
blobs of data. These can be created, updated and read by userspace,
and aren't intended for use by kernel services.

Does it mean we keep the keyring in the kernel only for
userspace programs to use? How can this strategy ensure
security?

And most importantly, what if someone needs to manipulate
(created, updated and read) keys (not keyring) in kernel
services while user key type "aren't intended" for that?



All the best!
Freeman

From: Valdis.Kletnieks at vt.edu @ 2014-07-03 14:34 UTC (permalink / raw)
  To: kernelnewbies

On Thu, 03 Jul 2014 17:12:15 +0800, Freeman Zhang said:

> And most importantly, what if someone needs to manipulate
> (created, updated and read) keys (not keyring) in kernel
> services while user key type "aren't intended" for that?

Why would the kernel be doing that in the first place, when it can
just use a key that's *not* either a user key or a keyring?

From: Freeman Zhang @ 2014-07-04  1:42 UTC (permalink / raw)
  To: kernelnewbies

Hi,

On Thu, 03 Jul 2014 22:34, Valdis.Kletnieks at vt.edu wrote:
> On Thu, 03 Jul 2014 17:12:15 +0800, Freeman Zhang said:
>
>> And most importantly, what if someone needs to manipulate
>> (created, updated and read) keys (not keyring) in kernel
>> services while user key type "aren't intended" for that?
>
> Why would the kernel be doing that in the first place, when it can
> just use a key that's *not* either a user key or a keyring?

Oh, that's why we should define our own key types.
Thank you Valdis!

Freeman
