[PATCH] KEYS: allow changing key ownership with CAP_SYS_ADMIN in a NS

David Howells dhowells at redhat.com
Tue Oct 3 15:04:56 UTC 2017


Eric W. Biederman <ebiederm at xmission.com> wrote:

> Yes.  It sounds like either we need to change something in the
> implementation of keys so they have a clear user namespace owner
> or implement capable_wrt_key_uidgid.

I'm thinking on the lines of making keys belong to a namespace in some way,
and automatically invalidating them when the owning namespace is deleted.
This will cause all links to them to be gc'd and thence the keys themselves.

David

