Re: cleaning up keyrings
- From: Alan Cox <alan lxorguk ukuu org uk>
- To: "Ray Strode" <halfline gmail com>
- Cc: Havoc Pennington <hp redhat com>, desktop-devel-list gnome org, David Zeuthen <david fubar dk>
- Subject: Re: cleaning up keyrings
- Date: Wed, 29 Aug 2007 22:31:51 +0100
On Wed, 29 Aug 2007 16:39:04 -0400
"Ray Strode" <halfline gmail com> wrote:
> On 8/29/07, Alan Cox <alan lxorguk ukuu org uk> wrote:
> > > Are you asking for an unencrypted area that only one application has
> > > read access to? If so, you might be able to do something like that
> > > with SELinux (or AppArmor?), but I don't think it would be a very
> > > robust solution.
> > The Linux kernel key service can do this for session/user/user+session
> > and other key types, and you can use SELinux labels on it.
> But the kernel keyring isn't persistent across reboots is it?
It provides a mechanism to manage the keys and to use SELinux labels on
them to control access. If you want to save them across reboots then that
would need user space involvement as well.