Received: by 2002:ac0:a679:0:0:0:0:0 with SMTP id p54csp892034imp;
        Wed, 20 Feb 2019 10:55:07 -0800 (PST)
X-Google-Smtp-Source: AHgI3IZMisj0WGo4OTPLQAl1i0gcKJJQqjUoeHOqcFCqdqU4cBKLfY5mA4v2djwFx6ZfNpnHxNiz
X-Received: by 2002:a17:902:834b:: with SMTP id z11mr15410331pln.257.1550688907746;
        Wed, 20 Feb 2019 10:55:07 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1550688907; cv=none;
        d=google.com; s=arc-20160816;
        b=VEQJktiJWvP1bkNYw0/9/J+YyIg4O7TbEqL6wv71MRBTiSjwchGRNwuXW5YG80X/9J
         TCpFm6Q0IpFif3SJFHXtmnZQuznVMePBYzqDPN4smTytsoqwOBLfieA5uHam2WOFBjjX
         0FjldKLt0uJLqAYNVB4TsHFt1qCjh9DuSyTPaSp/0vlzsFaWrHLxXmZlLHIC34yMKwlC
         Q0FszGEqyyK38TsM21CMM1PEehJP8ShwU6QLPNIVGLrkl77X6UFLQ2IDdRWFgKokAs4V
         Vm/AOk5eG2RJne6yq1wdu9SXPNOJ1LtZ1xAUC11KX+XoYsCRj1ypdyh0x+CcFRGGMaac
         MXvg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=69pGSLtiMeij6RrqmuPcnfvevvsbPQnAzvM0pX/lRJQ=;
        b=urC6HCSsUco1f3H/8qz1/QXQaYyeVjzxAH02UC+9RIDIbXjmZbY5aSDMRrw50+3Elk
         IunIrrj2Lzv7Ew3PCYqYAkzVlkOF0BIC2Th/r99Men1KA9MTyxAHSEYE7VISahGLjzKe
         Qjfv8bL6eGvzWCzvgJE8bqB7540UqXdmAocUBBHKogJp6rkjg/8fo160pdtqg2LJKcAH
         wvykGPiCXxDjPJhmF6POa7/63LZ8cL/GTSMPh9N1p3fIHopIGK275SfCr8ptfX11lW4q
         kDQYT6jLVSGxZ+WLWLh/+h9kfuIkCw7hD1aCfzylnYmdFF1ypAqA+RqSKpt5ww58mG/4
         mH6Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=s7E0osEA;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s136si18213415pgs.277.2019.02.20.10.54.52;
        Wed, 20 Feb 2019 10:55:07 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=s7E0osEA;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726975AbfBTSya (ORCPT <rfc822;rajatbajpailinux@gmail.com>
        + 99 others); Wed, 20 Feb 2019 13:54:30 -0500
Received: from mail-pg1-f195.google.com ([209.85.215.195]:40872 "EHLO
        mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726074AbfBTSya (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 20 Feb 2019 13:54:30 -0500
Received: by mail-pg1-f195.google.com with SMTP id u9so8788022pgo.7;
        Wed, 20 Feb 2019 10:54:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=69pGSLtiMeij6RrqmuPcnfvevvsbPQnAzvM0pX/lRJQ=;
        b=s7E0osEAFwsHekLYnw/y3dlP7Il7WkaQAXshiisgS12vLkdvmZleHZ+T2YF+DtdsmJ
         Kt9Q1+xLCHXKgZoD08EQLnHscRc2Y0LkF3sTB8idSGQrPVr4I1dvV2koHBYgFO6VJ88Q
         Ooo87w1aXfcQ53CYCvVCN83wDa9aYk35s3+ZKIf1ZOqnteFcvI010F8s2WDDAJCNFiFS
         Ug0WMtR8+QH0GE5y/2OfOh1UCuBYszTnOwyWi+Eif21ROJfD+CJ3C8o1lBxwWd1ORKMk
         iEzdZ8P0QMATmlzg9/fGhXeJBgjEAzwgYmR+/7QeUumexwkX1LrM/idRUyYSeAgqLQ7z
         EFLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=69pGSLtiMeij6RrqmuPcnfvevvsbPQnAzvM0pX/lRJQ=;
        b=PY3lAuQI+CDC8FyxT2ymI0E9Ijh/CSvIxfkGgSkthaJ8M33Ei6f9uLT1XU8kXEL+b6
         4HGrOW3RVTDtvDEaJ+BanuNJA1W8GiVBr93cu3c8/y22vTlWgzrFGvZeCAmmOWggNFSa
         zXW6geUSUZclmmdkv+jKVJB/WtLJ6tAo9OnTJAf6btQkMU2usW0prVHVHCcDGA2R3QfE
         QViP/5HnsTphD/PClA7xGRgC547AVzKB9qwWqbJhhPD8bVmgmixSgxrLdGyCwEqw0Zrs
         oldtyxm0p+eFMTsJUnv8JHoXrmoMh8u6UNIZ2qDh4+AkqhYnDoBd9sJ4+SvO9SM4pUu0
         J+uA==
X-Gm-Message-State: AHQUAuZLHJPmabKwv90RCLUQ7FUgdAzyVXfUlFXHeQZweWJTp+3OQaWe
        VK/EwPZA6i+kXOxmsPQkRDtzbfin47aqeVE5xiU=
X-Received: by 2002:a63:8743:: with SMTP id i64mr30503042pge.69.1550688868538;
 Wed, 20 Feb 2019 10:54:28 -0800 (PST)
MIME-Version: 1.0
References: <155024683432.21651.14153938339749694146.stgit@warthog.procyon.org.uk>
 <8736ojybw7.fsf@xmission.com> <22055.1550619729@warthog.procyon.org.uk>
In-Reply-To: <22055.1550619729@warthog.procyon.org.uk>
From:   Steve French <smfrench@gmail.com>
Date:   Wed, 20 Feb 2019 12:54:17 -0600
Message-ID: <CAH2r5muChuoHAM-AhBhTRkp=Lz0onyPa63MpV0qgm1TQKF=R5Q@mail.gmail.com>
Subject: Re: [RFC PATCH 00/27] Containers and using authenticated filesystems
To:     David Howells <dhowells@redhat.com>
Cc:     "Eric W. Biederman" <ebiederm@xmission.com>,
        keyrings@vger.kernel.org, trond.myklebust@hammerspace.com,
        Steve French <sfrench@samba.org>,
        linux-security-module@vger.kernel.org, linux-nfs@vger.kernel.org,
        CIFS <linux-cifs@vger.kernel.org>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>, rgb@redhat.com,
        LKML <linux-kernel@vger.kernel.org>,
        Linux Containers <containers@lists.linux-foundation.org>,
        Linux API <linux-api@vger.kernel.org>,
        samba-technical <samba-technical@lists.samba.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Feb 19, 2019 at 5:42 PM David Howells <dhowells@redhat.com> wrote:
>
> Eric W. Biederman <ebiederm@xmission.com> wrote:
>
> > So you missed the main mailing lists for discussion of this kind of
> > thing
>
> Yeah, sorry about that.  I was primarily aiming it at Trond and Steve as I'd
> like to consider how to go about interpolating request_key() into NFS and CIFS
> so that they can make use of the key-related facilities that this makes
> available with AFS.

I am interested in this discussion because I have gotten various questions
about using Containers better on SMB3 mounts, and the question about
doing request_key better comes up **a lot** on SMB3 mounts (not just
for kerberos, Active Directory), and usability could be improved of some
of the cifs-utils that cifs.ko depends on.

Note that various virtualization/container identify features were added to the
protocol a few years ago (which we don't yet implement in Linux) but which
probably be **very** useful to followup on how these could be exposed
to help containers on network mounts in Linux.    See in particular this
new protocol feature (implemented by various servers including Windows
but not by Linux client yet) described in the protocol spec (MS-SMB2 section
2.2.9.2.1) - the "SMB2_REMOTED_IDENTITY_TREE_CONNECT context"
which can be sent at mount time:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/ee7ff411-93e0-484f-9f73-31916fee4cb8

This may be of interest to Samba server developers as well

> > and the maintainer.
>
> That would be me.  I maintain keyrings.


-- 
Thanks,

Steve