Re: [PATCH] implement in-kernel keys & keyring management [try #2]

From: James Morris
Date: Sat Aug 07 2004 - 23:48:03 EST

Next message: Zwane Mwaikambo: "[PATCH][2.6] Completely out of line spinlocks / i386"
Previous message: Gene Heskett: "Re: Possible dcache BUG"
In reply to: David Howells: "[PATCH] implement in-kernel keys & keyring management [try #2]"
Next in thread: David Howells: "Re: [PATCH] implement in-kernel keys & keyring management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 7 Aug 2004, David Howells wrote:

> > I guess the pure way to do it is to add 13 new syscalls....
>
> I don't really want to add any syscalls, though I wouldn't be too upset to add
> just one:-/
>
> What're other people's thoughts on this?

Implement a filesystem interface, e.g. /proc/<pid>/keys

>From here you can have:

/create

/<keyid>/update
/revoke
/chown
/chmod
...

Rather than syscalls/prctls for each of these.

For keyrings, you could have:

/proc/<pid>/keyring/thread
/session
/process
...

Instead of having /proc/keys and associated locking/seqfile overhead in
the kernel, a userspace library could instead traverse /proc to build a
global list of keys.

In general, I think you may be able to move logic out of the kernel this
way, e.g. userspace searching for keys.

- James
--
James Morris
<jmorris@xxxxxxxxxx>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Zwane Mwaikambo: "[PATCH][2.6] Completely out of line spinlocks / i386"
Previous message: Gene Heskett: "Re: Possible dcache BUG"
In reply to: David Howells: "[PATCH] implement in-kernel keys & keyring management [try #2]"
Next in thread: David Howells: "Re: [PATCH] implement in-kernel keys & keyring management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]