This seems like a reasonable change, but I'm willing to listen to
arguments to the contrary...
cifscreds currently hangs the keys off of the uid keyring. It seems
more appropriate though that we require that each session have its
own set. This might be particularly important in a containerized
situation. If a user authenticates in one container, then we probably
don't want to allow a user in another to "borrow" those creds.
Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx>
---
cifscreds.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/cifscreds.c b/cifscreds.c
index cbd431e..6079b38 100644
--- a/cifscreds.c
+++ b/cifscreds.c
@@ -51,7 +51,7 @@
#define DOMAIN_DISALLOWED_CHARS "\\/:*?\"<>|"
/* destination keyring */
-#define DEST_KEYRING KEY_SPEC_USER_KEYRING
+#define DEST_KEYRING KEY_SPEC_SESSION_KEYRING
struct cmdarg {
char *host;
--
1.7.7.4
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
