MCPcopy
hub / github.com/google/gvisor / JoinSessionKeyring

Method JoinSessionKeyring

pkg/sentry/kernel/task_key.go:66–91  ·  view source on GitHub ↗

JoinSessionKeyring causes the task to join a keyring with the given key description (not ID). If `keyDesc` is nil, then the task joins a newly-instantiated session keyring instead.

(keyDesc *string)

Source from the content-addressed store, hash-verified

64// If `keyDesc` is nil, then the task joins a newly-instantiated session
65// keyring instead.
66func (t *Task) JoinSessionKeyring(keyDesc *string) (*auth.Key, error) {
67 t.mu.Lock()
68 defer t.mu.Unlock()
69 creds := t.Credentials()
70 possessed := creds.PossessedKeys(t.sessionKeyring, nil, nil)
71 var sessionKeyring *auth.Key
72 newKeyPerms := auth.DefaultUnnamedSessionKeyringPermissions
73 newKeyDesc := auth.DefaultSessionKeyringName
74 if keyDesc != nil {
75 creds.UserNamespace.Keys.ForEach(func(k *auth.Key) bool {
76 if k.Description == *keyDesc && creds.HasKeyPermission(k, possessed, auth.KeySearch) {
77 sessionKeyring = k
78 return true
79 }
80 return false
81 })
82 if sessionKeyring != nil {
83 t.Debugf("Joining existing session keyring with ID %d", sessionKeyring.ID)
84 t.sessionKeyring = sessionKeyring
85 return sessionKeyring, nil
86 }
87 newKeyDesc = *keyDesc
88 newKeyPerms = auth.DefaultNamedSessionKeyringPermissions
89 }
90 return t.joinNewSessionKeyringLocked(newKeyDesc, newKeyPerms)
91}
92
93// LookupKey looks up a key by ID using this task's credentials.
94func (t *Task) LookupKey(keyID auth.KeySerial) (*auth.Key, error) {

Callers 1

keyctlJoinSessionKeyringFunction · 0.80

Calls 8

CredentialsMethod · 0.95
DebugfMethod · 0.95
PossessedKeysMethod · 0.80
HasKeyPermissionMethod · 0.80
LockMethod · 0.65
UnlockMethod · 0.65
ForEachMethod · 0.45

Tested by

no test coverage detected