> Well we definitely need a way to timeout keys. The other reason is to be
Why ? We keep a key per-process, and wipe it from memory as soon as the
process dies. Its not time-related.
> able to "change your mind" about it while the key is being used. This may
> not be a useful thing for now but think of encrypted swaps on the
> infamous: oopsies-i-tripped-over-a-wire-and-disconnected-network-file-system
Your swapfile is coming from a remote NFS mount ? If your swap becomes
unavailable due to network problems, the swapped-out processes are
probably doomed anyway.
>
> Here we have a situation where we want to not have an expired key with
> valid data hanging out there.
Data is valid iff the owning process still lives. When do we need to
expire a key while its process is still alive (or keep a key valid for
pages of a dead process) ?
Yoav
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/