On Thu, 01.08.13 14:47, Stephen Gallagher (sgallagh@xxxxxxxxxx) wrote:

> > I can understand that it is easier to introduce a new userspace
> > daemon that works around a kernel limitation, but the right
> > approach is still to just fix the kernel interface.
> >
> > The kernel keyring folks work for Red Hat, have you pinged them?
>
> Circling back around on this, we contacted the kernel keyring
> developers (specifically David Howells) and we are now working this
> direction. We initially expected a great deal more resistance than we
> actually got, which was why we hesitated to take this approach (that
> and past history with size issues).
>
> So the current approach we are investigating looks something like the
> following (based on discussions between Simo, Nalin, David and myself)
>
> 1) We will add a new key type "big_key" that allows us to create keys
> up to 1MiB in size, backed by internal kernel tmpfs, allowing the
> contents to be swapped out to disk (unlike most other keyrings, which
> remain in unswappable kernel memory).

Thank you! This sounds like the optimal solution for everybody with the best semantics!

Lennart

--
Lennart Poettering - Red Hat, Inc.