Hi List!

Recently I wanted to play with the kernel keyring facilities. But I found out that only a few programs, like eCryptfs, use the kernel keyring. I read the documents. They said:

    The key service defines two special key types:

     (+) "keyring"

         Keyrings are special keys that contain a list of other keys. Keyring
         lists can be modified using various system calls. Keyrings should not
         be given a payload when created.

     (+) "user"

         A key of this type has a description and a payload that are arbitrary
         blobs of data. These can be created, updated and read by userspace,
         and aren't intended for use by kernel services.

Does it mean we keep the keyring in the kernel only for userspace programs to use? How can this strategy ensure security?

And most importantly, what if someone needs to manipulate (create, update and read) keys (not keyrings) in kernel services while the user key type "aren't intended" for that?

All the best!
Freeman