On Fri, Jun 10, 2022 at 6:59 AM Roberto Sassu roberto.sassu@huawei.com wrote:
keyring = (keyring_id == U16_MAX) ?
cred->session_keyring : (struct key *)keyring_id;
This is too limiting. bpf prog should be able to do what *key syscalls can do. By doing lookup_user_key(id) -> keyring. Maybe it's ok to have a special reserved id that does cred->sessions_keyring as a shortcut, but that's an optimization.