Hi David, While checking on something else, I noticed that key_type_dns_resolver keyring is flagged with KEY_FLAG_ROOT_CAN_CLEAR, and the individual lookup keys are flagged as KEY_FLAG_ROOT_CAN_INVAL. From what I understand, that means that the root user can clear the keyring from the userspace, and can also revoke individual keys. My question now is, how do I identify the serial num for the key_type_dns_resolver keyring? >From the code, I see that we kdebug this during the instantiation of this keyring. But I guess this would only be at kernel bootup (since by default the dns resolver is configured to be part of the kernel, and not a .ko). Is there any other easy way to identify this keyring on a system that has an uptime of several weeks/months? -- Regards, Shyam
