Tue Feb 22 13:59:05 PST 2011
by the user in your own user namespace.
We may want to look at this again, but for now I think that would be a
safe enough default. Later, we'll probably want the user creating a
child_user_ns to allow his keys to be inherited by the child user_ns.
Though, as I type that, it seems to me that that'll just become a
maintenance pain, and it's just plain safer to have the user re-enter
his keys, sharing them over a file if needed.
I'm going to not consider the TPM at the moment :)
> Possibly the trickiest problem with keys is how to upcall key construction to
> /sbin/request-key when the keys may be of a different user namespace.
Hm, jinkeys, yes.