Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-17714

Cleanup user/session keyring usage

Details

    • 3
    • 9223372036854775807

    Description

      +underlined text+Thanks to patch "LU-17173 gss: user keys go to user keyring" https://review.whamcloud.com/52771 , user keys are now linked to the user keyring, instead of the session keyring.

      But the behavior implemented by this patch needs to be adjusted. We should not keep an extra reference on the user keyring for every user key being created. This leads to too many references on this keyring, and prevents proper destroy in case the system wants to clean it up (because the user logged off for instance).

      Moreover, we should handle the case where the user key is explicitly revoked, i.e. via 'keyctl revoke' on the command line. In this case, a good practice would be to carry out the same cleanup as when 'lfs flushctx' is called, in order to properly drop references on the key, and free the security context associated with the key.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-18145 Fix key unlink for regular user

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            [LU-17714] Cleanup user/session keyring usage
            gerrit Gerrit Updater added a comment -

            "Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/56517
            Subject: LU-17714 gss: support revoked session keyring for root
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: 6decc797125cb0dd76399422c68362924268a99b

            gerrit Gerrit Updater added a comment - "Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/56517 Subject: LU-17714 gss: support revoked session keyring for root Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: 6decc797125cb0dd76399422c68362924268a99b
            pjones Peter Jones added a comment -

            Merged for 2.16

            pjones Peter Jones added a comment - Merged for 2.16
            gerrit Gerrit Updater added a comment -

            "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/55627/
            Subject: LU-17714 gss: support revoked session keyring
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: bc740feeaa0b6c4968dbc5e74b9b1dac69c5150a

            gerrit Gerrit Updater added a comment - "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/55627/ Subject: LU-17714 gss: support revoked session keyring Project: fs/lustre-release Branch: master Current Patch Set: Commit: bc740feeaa0b6c4968dbc5e74b9b1dac69c5150a
            gerrit Gerrit Updater added a comment -

            "Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/55627
            Subject: LU-17714 gss: support revoked session keyring
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: 88ea2c3d80901402f3b3b604177c1e109adc8abd

            gerrit Gerrit Updater added a comment - "Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/55627 Subject: LU-17714 gss: support revoked session keyring Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: 88ea2c3d80901402f3b3b604177c1e109adc8abd
            pjones Peter Jones added a comment -

            Merged for 2.16

            pjones Peter Jones added a comment - Merged for 2.16
            gerrit Gerrit Updater added a comment -

            "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/54706/
            Subject: LU-17714 gss: protect against revoked session keyring
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: 045ab5c0273a843493ed2d6d3486b41efe36b834

            gerrit Gerrit Updater added a comment - "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/54706/ Subject: LU-17714 gss: protect against revoked session keyring Project: fs/lustre-release Branch: master Current Patch Set: Commit: 045ab5c0273a843493ed2d6d3486b41efe36b834
            gerrit Gerrit Updater added a comment -

            "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/54692/
            Subject: LU-17714 gss: cleanup user keyring usage
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: afe0e091d1b82391a929df74717b9665a6f0ab75

            gerrit Gerrit Updater added a comment - "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/54692/ Subject: LU-17714 gss: cleanup user keyring usage Project: fs/lustre-release Branch: master Current Patch Set: Commit: afe0e091d1b82391a929df74717b9665a6f0ab75

            People

              sebastien Sebastien Buisson
              sebastien Sebastien Buisson
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: