Re: Revised keyrings(7) man page for review

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/13/2016 02:38 PM, David Howells wrote:
> Michael Kerrisk (man-pages) <mtk.manpages@xxxxxxxxx> wrote:
> 
>> So, I've updated this piece a couple of times since the draft that you
>> reviewed, and by now it reads:
>>
>>        "big_key" (since Linux 3.13)
>>               This key type is similar to the "user" key type, but it may
>>               hold  a  payload  of up to 1 MiB in size.  This key type is
>>               useful for tasks such as holding Kerberos ticket caches.
> 
> I'm not sure that "tasks" is quite the word I'd use here (it's overloaded).
> Perhaps "purposes"?

Fixed.

>>               The payload data may be stored in  the  swap  space  rather
>>               than in kernel memory if the data size exceeds the overhead
>>               of storing the data encrypted in swap space.  (A tmpfs file
>>               is  used,  which requires filesystem structures to be allo‐
>>               cated in the kernel; The size of  these  structures  deter‐
>>               mines  the  size  threshold  above  which the tmpfs storage
>>               method  is  used.)   Since  Linux  4.8,  payload  data   is
>>               encrypted,  to  prevent  it  being written unencrypted into
>>               swap space.
> 
> I would either drop the first "encrypted" ("storing the data encrypted") since

I already dropped that first "encrypted".

> you mention this later or move it earlier to be after the word "stored" ("may
> be stored encrypted").
> 
> Note that with the "Since Linux 4.8 ..." sentence, the encryption is only
> applied if it is stored into tmpfs.

Thanks for that tip.

> Also, the payload isn't directly stored into swapspace, but is rather stored
> into tmpfs, from where it can be swapped.  This is important since you can use
> this type of key without any swapspace available to your system.

Yes, the text still needs some work... How about:


       "big_key" (since Linux 3.13)
              This key type is similar to the "user" key type, but it may
              hold  a  payload  of up to 1 MiB in size.  This key type is
              useful for purposes such as holding Kerberos ticket caches.

              The payload data may  be  stored  in  a  tmpfs  filesystem,
              rather  than in kernel memory, if the data size exceeds the
              overhead of storing the data in the  filesystem.   (Storing
              the  data in a filesystem requires filesystem structures to
              be allocated in the kernel.  The size of  these  structures
              determines the size threshold above which the tmpfs storage
              method is used.)  Since Linux  4.8,  the  payload  data  is
              encrypted when stored in tmpfs, to prevent it being written
              unencrypted into swap space.

?

Thanks,

Michael



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux