Keyrings, user namespaces and the user_struct
David Howells
dhowells at redhat.com
Tue Oct 25 16:53:32 UTC 2016
David Howells <dhowells at redhat.com> wrote:
> (2) If a process's user_namespace doesn't match that recorded in a key then
> it gets ENOKEY if it tries to refer to it or access it and can't see it
> in /proc/keys.
There's another possibility here - since user_namespaces are hierarchical,
does it make sense to let a process see keys that are in an ancestral
namespace?
David