Eric Biggers <ebiggers3@xxxxxxxxx> wrote: > @@ -135,6 +135,9 @@ int install_thread_keyring_to_cred(struct cred *new) > { > struct key *keyring; > > + if (new->thread_keyring) > + return -EEXIST; > + > keyring = keyring_alloc("_tid", new->uid, new->gid, new, > KEY_POS_ALL | KEY_USR_VIEW, > KEY_ALLOC_QUOTA_OVERRUN, It would probably be better just to return 0 and change the comment on the function to say that it sets a thread keyring if there isn't one already. Same for the process keyring. David