Alison Schofield <alison.schofield@xxxxxxxxx> wrote: > + > + if (strcmp(key->type->name, "mktme") == 0) > + mktme_revoke_key(key); > + *Please* don't do that. The core code shouldn't be making references to specific key types in this way. The only reason this is necessary for encrypted and trusted keys is because they misused the ->update() hook and it took a while for this to be noticed. > The KEY_FLAG_KEEP bit offers good control. The mktme service uses > that flag to prevent userspace keys from going away without proper > synchronization with the mktme service type. This is not the control you are looking for. The point of KEY_FLAG_KEEP is to allow the system to pin a key. It's not meant to be a flag for the key type to play with. You say this: One example is that userspace keys should not be revoked while the hardware keyid slot is still in use. but why not? Revoking it causes accesses to return -EKEYREVOKED; it doesn't stop the kernel from using the key. Also, note that you don't *have* to provide a ->revoke() operation If you really want to suppress revocation, then I would suggest adding another type operation, say ->may_revoke(), that says whether you're allowed to do that. David
