Eric Biggers <ebiggers3@xxxxxxxxx> wrote: > Fix it by marking user and user session keyrings with a flag > KEY_FLAG_UID_KEYRING. Then, when searching for a user or user session > keyring by name, skip all keyrings that don't have the flag set. I wonder if it's better just to reject attempts to manually create/join keyrings of such names. PAM uses the implicit creation method of specifying the 'macro' key IDs for these keyrings. David