Keyrings, user namespaces and the user_struct

David Howells dhowells at redhat.com
Tue Oct 25 16:53:32 UTC 2016


David Howells <dhowells at redhat.com> wrote:

>  (2) If a process's user_namespace doesn't match that recorded in a key then
>      it gets ENOKEY if it tries to refer to it or access it and can't see it
>      in /proc/keys.

There's another possibility here - since user_namespaces are hierarchical,
does it make sense to let a process see keys that are in an ancestral
namespace?

David

