Re: [PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace

[PATCH 00/11] keys: Namespacing · David Howells <dhowells@redhat.com> · 2019-04-24
[PATCH 01/11] keys: Invalidate used request_key authentication keys · David Howells <dhowells@redhat.com> · 2019-04-24
[PATCH 02/11] keys: Kill off request_key_async{,_with_auxdata} · David Howells <dhowells@redhat.com> · 2019-04-24
[PATCH 03/11] keys: Simplify key description management · David Howells <dhowells@redhat.com> · 2019-04-24
[PATCH 04/11] keys: Cache the hash value to avoid lots of recalculation · David Howells <dhowells@redhat.com> · 2019-04-24
[PATCH 05/11] keys: Add a 'recurse' flag for keyring searches · David Howells <dhowells@redhat.com> · 2019-04-24
Re: [PATCH 05/11] keys: Add a 'recurse' flag for keyring searches · Andrew Zaborowski <hidden> · 2019-04-25
Re: [PATCH 05/11] keys: Add a 'recurse' flag for keyring searches · David Howells <dhowells@redhat.com> · 2019-04-25
[PATCH 06/11] keys: Namespace keyring names · David Howells <dhowells@redhat.com> · 2019-04-24
[PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace · David Howells <dhowells@redhat.com> · 2019-04-24
Re: [PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace · Jann Horn <jannh@google.com> · 2019-04-24
Re: [PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace · David Howells <dhowells@redhat.com> · 2019-04-24
Re: [PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace · David Howells <dhowells@redhat.com> · 2019-04-25
[PATCH 08/11] keys: Include target namespace in match criteria · David Howells <dhowells@redhat.com> · 2019-04-24
[PATCH 09/11] keys: Garbage collect keys for which the domain has been removed · David Howells <dhowells@redhat.com> · 2019-04-24
[PATCH 11/11] keys: Pass the network namespace into request_key mechanism · David Howells <dhowells@redhat.com> · 2019-04-24
[PATCH 10/11] keys: Network namespace domain tag · David Howells <dhowells@redhat.com> · 2019-04-24
Re: [PATCH 10/11] keys: Network namespace domain tag · David Howells <dhowells@redhat.com> · 2019-04-24

From: David Howells <dhowells@redhat.com>
Date: 2019-04-24 22:24:40
Also in: keyrings, linux-fsdevel, lkml

Jann Horn [off-list ref] wrote:

Overall, this looks good to me, apart from some details.

The user_keyring_register keyring is basically just used like an
xarray/idr/... that maps from namespaced UIDs to keyrings, right? (Not
saying it's a bad idea, just want to make sure I understand it
correctly.)

Well, a keyring is a wrapper around an assoc_array object, the keyring search
functions do the access checks and the keys garbage collector does the
cleanup.  Also, each UID is mapped to two keyrings.

I'll have a look at applying the rest of your comments tomorrow.

Thanks,
David

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help