Jeff Layton <[email protected]> wrote:

> +static void
> +check_session_keyring(void)
> +{
> +     key_serial_t    ses_key, uses_key;
> +
> +     ses_key = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
> +     if (ses_key == -1)
> +             return;
> +
> +     uses_key = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
> +     if (uses_key == -1)
> +             return;
> +
> +     if (ses_key == uses_key)
> +             fprintf(stderr, "Warning: you have no session keyring. "
> +                             "cifscreds keys will not persist. See "
> +                             "pam_keyinit(8).\n");
> +}
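
Review bot: both `== -1` early returns in check_session_keyring() discard the failure silently, so when keyctl_get_keyring_ID() fails the user gets neither the warning nor any sign that the check was skipped. Report the error on stderr (errno is set by the failed call) before returning, at least for the KEY_SPEC_SESSION_KEYRING lookup. A one-line comment above the `ses_key == uses_key` comparison saying why equal serials are taken to mean there is no session keyring would also help the next reader, since the test is not self-explanatory.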

I would suggest reporting an error and exiting in the event that certainly the
first call returns -1 and maybe the second.

Other than that, it looks okay.

I wonder if I should suggest giving an error if you try and modify the session
keyring when there isn't one (where modification includes adding a key to it).
When I first did the keyring stuff in the kernel, I didn't envision pam_keyinit
- which in retrospect is a much better way of generating the session keyring
than having the kernel try to guess.

Note that this would not stop processes joining a session keyring or creating a
new session keyring.

David
