On 2019-12-16 at 12:38 +0100 Aurélien Aptel sent off:
> In terms of implementation each cifs mount stores a dictionary mapping
> uid to TreeCon (it's the tlink rb-tree, see cifs_sb_tlink(),
> tlink_rb_search(), etc).
>
> I think it should just be a matter of storing the session id as the key
> in the tlink rb-tree instead of uid (we use fsuid actually). This way
> when a new session does a syscall on the mount, the lookup will fail, it
> will try to create a new tlink, and fail unless there is the krb stuff
> in the keyring.

Awesome, looks like you have a plan already.

> But are you sure root cannot "enter" an existing user session? I think
> I've done it for screen sessions in the past...

screen sessions are only local sockets without access protection from
the kernel. I can't say for sure if there is a way for root to access
users' session keyrings (I didn't find any) but it was one of the goals
of the session keyring implementation that not even root can access the
user keys in there.

Cheers
Björn