[PATCH 1/2] KEYS: Implement a big key type that can save to tmpfs

David Howells dhowells at redhat.com
Thu Aug 8 10:46:45 EDT 2013

Nico Williams <nico at cryptonector.com> wrote:

> b) how to create tmpfs locations in which to store credentials (which
> can be unbounded in size, so storing them in the kernel is silly;

Ummm...  tmpfs stores them in the kernel too - though it can page them out to

I have altered my big-key implementation to just store small items in an
internal buffer and big items in a tmpfs file.  This means that small items
will use up _less_ kernel memory if they're in a key because they won't require
the overhead of a dentry struct and an inode struct.

> (b) can be solved in many ways, and the simplest is to have a
> filesystem where top-level directories named after UIDs "exist" as
> soon as they are referenced and as long as they are non-empty.  You
> can use autofs + tmpfs, or a variant of tmpfs for this.

Don't forget to add user namespaces into the mix :-/


More information about the krbdev mailing list