How to use keyring in the kernel?

Freeman Zhang freeman.zhang1992 at gmail.com
Thu Jul 3 05:12:15 EDT 2014


Hi List!

Recently I wanted to play with the kernel keyring facilities, but
I found out that only a few programs, like eCryptfs, use the
kernel keyring. I read the documentation. It said:

The key service defines two special key types:

(+) "keyring"

Keyrings are special keys that contain a list of other keys. Keyring
lists can be modified using various system calls. Keyrings should not
be given a payload when created.

(+) "user"

A key of this type has a description and a payload that are arbitrary
blobs of data. These can be created, updated and read by userspace,
and aren't intended for use by kernel services.

Does it mean we keep the keyring in the kernel only for
userspace programs to use? How can this strategy ensure
security?

And most importantly, what if someone needs to manipulate
(create, update and read) keys (not keyrings) in kernel
services, while user keys "aren't intended" for that?



All the best!
Freeman


