Date: Tue, 24 Feb 2015 10:33:29 -0500
From: "J. Bruce Fields"
To: Benjamin Coddington
Cc: Ian Kent, "Eric W. Biederman", David Howells, Kernel Mailing List, Oleg Nesterov, Trond Myklebust, Al Viro, Jeff Layton
Subject: Re: [RFC PATCH 5/8] KEYS: exec request-key within the requesting task's init namespace
Message-ID: <20150224153329.GA2415@fieldses.org>

On Mon, Feb 23, 2015 at 05:22:12PM -0800, Benjamin Coddington wrote:
> That sounds a lot closer to some of the work I've been doing to see if I can
> come up with a way to solve the "where's the namespace I need?" problem.
>
> I agree with Greg's very early comments that the easiest way to determine
> which namespace context a process should use is to keep it as a copy of
> the task -- and the place that copy should be done is fork().

So you're suggesting that the key_agent could be that copy? But:

> ... If not, then the calling process itself is forked/execve-ed into a
> new persistent key_agent that is installed on the calling process'
> keyrings just like a key, and with the same lifetime and GC
> expectations of a key.
>
> A key_agent is a user-space process...

If the key_agent can die before it's needed, then we have to keep around
some other context information to allow regenerating a new one. So what
is that piece of information? Aren't we back where we started?

--b.