In message <[email protected]>, Simon Wilkinson writes:
>setpag we allocate two key objects. The first is a session keyring,
>which we allocate as the user performing the setpag, and is counted
>against their quota. The second is an object to contain the PAG, which
>is allocated as root so that a user can't change the PAG that they are

actually i think i made it root so that the user couldn't read/write the key. the author once pointed out to me that if you prefix a key with '.' then the user, despite ownership, cannot create/delete keys. this might be a better solution in the long term. look at key_get_type_from_user() in security/keys/keyctl.c

_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
