authorEric Biggers <ebiggers@google.com>2019-12-15 19:31:39 -0800
committerEric Biggers <ebiggers@google.com>2020-01-05 10:02:13 -0800
commit462d166d5355d33a05271d24de4d52f30dd62f67 (patch)
tree9bf53558105694002d442e0d997a9bb2b95140e2 /security/privileges.go
parent80654f23ebfd552277ed217a2c5e1d0bb1374189 (diff)
Add keyring package
In preparation for introducing support for the new filesystem-level keyrings, move the existing user keyring management code from security/keyring.go and crypto/crypto.go into a new package, 'keyring'. This package provides functions AddEncryptionKey, RemoveEncryptionKey, and GetEncryptionKeyStatus which delegate to either the filesystem keyring (added by a later patch) or to the user keyring. This provides a common interface to both types of keyrings, to the extent possible.
Diffstat (limited to 'security/privileges.go')
-rw-r--r--security/privileges.go8
1 files changed, 4 insertions, 4 deletions
diff --git a/security/privileges.go b/security/privileges.go
index 3a1ca81..e5751b5 100644
--- a/security/privileges.go
+++ b/security/privileges.go
@@ -19,9 +19,7 @@
// Package security manages:
// - Cache clearing (cache.go)
-// - Keyring Operations (keyring.go)
// - Privilege manipulation (privileges.go)
-// - Maintaining the link between the root and user keyrings.
package security
// Use the libc versions of setreuid, setregid, and setgroups instead of the
@@ -142,7 +140,8 @@ func SetProcessPrivileges(privs *Privileges) error {
return nil
}
-func setUids(ruid, euid, suid int) error {
+// SetUids sets the process's real, effective, and saved UIDs.
+func SetUids(ruid, euid, suid int) error {
log.Printf("Setting ruid=%d euid=%d suid=%d", ruid, euid, suid)
// We elevate all the privs before setting them. This prevents issues
// with (ruid=1000,euid=1000,suid=0), where just a single call to
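Review bot: The one-line doc comment added for `SetUids` leaves out the behaviour that matters most now that the function is exported: according to the inline comment right below it, the function elevates all privileges before applying the requested IDs. Callers in other packages should be told that and that the error must be checked before assuming a privilege drop took effect, for example `// SetUids sets the process's real, effective, and saved UIDs. It first elevates privileges and then applies the requested values; callers must check the returned error before assuming a drop succeeded.` The rest of the body lies outside this hunk, so I can't confirm from here how a failure partway through is handled, and whether the change applies to every thread also looks worth stating in the comment.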
@@ -156,7 +155,8 @@ func setUids(ruid, euid, suid int) error {
return nil
}
-func getUids() (int, int, int) {
+// GetUids gets the process's real, effective, and saved UIDs.
+func GetUids() (int, int, int) {
var ruid, euid, suid C.uid_t
C.getresuid(&ruid, &euid, &suid)
return int(ruid), int(euid), int(suid)
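Review bot: The return value of `C.getresuid` is discarded, so if the call ever fails the zero-initialised `ruid`, `euid` and `suid` are returned, and 0 reads as root to any caller making a privilege decision. Now that `GetUids` is exported, I'd fail closed with something like `if rc, err := C.getresuid(&ruid, &euid, &suid); rc != 0 { log.Panicf("getresuid: %v", err) }`, assuming a panic is acceptable here since the signature has no error result. The doc comment could also pin the result order, which three unnamed ints make easy to get wrong: `// GetUids returns the process's real, effective, and saved UIDs, in that order.` The function's closing brace is outside the hunk.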