From: Steve French
Date: Wed, 20 Feb 2019 12:54:17 -0600
Subject: Re: [RFC PATCH 00/27] Containers and using authenticated filesystems
To: David Howells
Cc: "Eric W. Biederman", keyrings@vger.kernel.org, trond.myklebust@hammerspace.com, Steve French, linux-security-module@vger.kernel.org, linux-nfs@vger.kernel.org, CIFS, linux-fsdevel, rgb@redhat.com, LKML, Linux Containers, Linux API, samba-technical

On Tue, Feb 19, 2019 at 5:42 PM David Howells wrote:
>
> Eric W. Biederman wrote:
>
> > So you missed the main mailing lists for discussion of this kind of
> > thing
>
> Yeah, sorry about that.  I was primarily aiming it at Trond and Steve as I'd
> like to consider how to go about interpolating request_key() into NFS and CIFS
> so that they can make use of the key-related facilities that this makes
> available with AFS.

I am interested in this discussion because I have gotten various
questions about using Containers better on SMB3 mounts, and the
question about doing request_key better comes up **a lot** on SMB3
mounts (not just for Kerberos, Active Directory), and usability could
be improved of some of the cifs-utils that cifs.ko depends on.

Note that various virtualization/container identity features were added
to the protocol a few years ago (which we don't yet implement in
Linux) but it would probably be **very** useful to follow up on how
these could be exposed to help containers on network mounts in Linux.

See in particular this new protocol feature (implemented by various
servers including Windows but not by Linux client yet) described in
the protocol spec (MS-SMB2 section 2.2.9.2.1) - the
"SMB2_REMOTED_IDENTITY_TREE_CONNECT context" which can be sent at
mount time:

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/ee7ff411-93e0-484f-9f73-31916fee4cb8

This may be of interest to Samba server developers as well.

> > and the maintainer.
>
> That would be me.  I maintain keyrings.

--
Thanks,

Steve