MCPcopy
hub / github.com/google/gvisor / SessionKeyring

Method SessionKeyring

pkg/sentry/kernel/task_key.go:26–39  ·  view source on GitHub ↗

SessionKeyring returns this Task's session keyring. Session keyrings are inherited from the parent when a task is started. If the session keyring is unset, it is implicitly initialized. As such, this function should never return ENOKEY.

()

Source from the content-addressed store, hash-verified

24// If the session keyring is unset, it is implicitly initialized.
25// As such, this function should never return ENOKEY.
26func (t *Task) SessionKeyring() (*auth.Key, error) {
27 t.mu.Lock()
28 defer t.mu.Unlock()
29 if t.sessionKeyring != nil {
30 // Verify that we still have access to this keyring.
31 creds := t.Credentials()
32 if !creds.HasKeyPermission(t.sessionKeyring, creds.PossessedKeys(t.sessionKeyring, nil, nil), auth.KeySearch) {
33 return nil, linuxerr.EACCES
34 }
35 return t.sessionKeyring, nil
36 }
37 // If we don't have a session keyring, implicitly create one.
38 return t.joinNewSessionKeyringLocked(auth.DefaultSessionKeyringName, auth.DefaultUnnamedSessionKeyringPermissions)
39}
40
41// joinNewSessionKeyringLocked creates a new session keyring with the given
42// description, and joins it immediately.

Callers 3

keyCtlGetKeyringIDFunction · 0.80
keyctlDescribeFunction · 0.80
keyctlSetPermFunction · 0.80

Calls 6

CredentialsMethod · 0.95
HasKeyPermissionMethod · 0.80
PossessedKeysMethod · 0.80
LockMethod · 0.65
UnlockMethod · 0.65

Tested by

no test coverage detected