David Howells <dhowells@xxxxxxxxxx> wrote:

> > Plus there are various really weird things in there where the keyring
> > names of _tid, _pid, _ses, get reused over and over again.
>
> True, however per-thread (_tid) and per-process (_pid) keyrings are always
> allocated by key_alloc() and never looked up by name when being created.
>
> Anonymous session (_ses) keyrings are also created by key_alloc() and not
> looked up when created. It's only when a named session keyring is requested
> that a look up by name is done.
>
> I could make the per-thread, per-process and anon-session keyrings nameless by
> default, or prefix them with '.' and not permit joining of a keyring whose
> name begins with a '.' (you aren't allowed to use add_key() to create such
> keyrings, so that really ought to be extended to here too).

Note that the per-thread, per-process and anon-session keyrings are not
joinable by default as they don't come with SEARCH permission for u/g/o.

David