[PATCH 1/2] KEYS: Implement a big key type that can save to tmpfs

David Howells dhowells at redhat.com
Thu Aug 8 10:46:45 EDT 2013


Nico Williams <nico at cryptonector.com> wrote:

> b) how to create tmpfs locations in which to store credentials (which
> can be unbounded in size, so storing them in the kernel is silly;

Ummm...  tmpfs stores them in the kernel too - though it can page them out to
swap.

I have altered my big-key implementation to just store small items in an
internal buffer and big items in a tmpfs file.  This means that small items
will use up _less_ kernel memory if they're in a key because they won't require
the overhead of a dentry struct and an inode struct.

> (b) can be solved in many ways, and the simplest is to have a
> filesystem where top-level directories named after UIDs "exist" as
> soon as they are referenced and as long as they are non-empty.  You
> can use autofs + tmpfs, or a variant of tmpfs for this.

Don't forget to add user namespaces into the mix :-/

David

