Details
Minor Description
+underlined text+Thanks to patch "LU-17173 gss: user keys go to user keyring" https://review.whamcloud.com/52771 , user keys are now linked to the user keyring, instead of the session keyring.
But the behavior implemented by this patch needs to be adjusted. We should not keep an extra reference on the user keyring for every user key being created. This leads to too many references on this keyring, and prevents proper destroy in case the system wants to clean it up (because the user logged off for instance).
Moreover, we should handle the case where the user key is explicitly revoked, i.e. via 'keyctl revoke' on the command line. In this case, a good practice would be to carry out the same cleanup as when 'lfs flushctx' is called, in order to properly drop references on the key, and free the security context associated with the key.