On Fri, Jun 10, 2022 at 6:59 AM Roberto Sassu <roberto.sassu@xxxxxxxxxx> wrote: > + keyring = (keyring_id == U16_MAX) ? > + cred->session_keyring : (struct key *)keyring_id; This is too limiting. bpf prog should be able to do what *key syscalls can do. By doing lookup_user_key(id) -> keyring. Maybe it's ok to have a special reserved id that does cred->session_keyring as a shortcut, but that's an optimization.
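
Review bot: the false branch of the ternary casts keyring_id straight to struct key *, so an integer supplied by the caller is used as a kernel pointer with no lookup, permission check or reference taken in the quoted lines. Resolve the id through lookup_user_key(), as the reply suggests, and drop the returned reference once the key is no longer needed. If U16_MAX stays as a shortcut for cred->session_keyring, give the sentinel a named constant and document it in the helper description.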