namespaces todo list?
Jessica Frazelle
me at jessfraz.com
Wed May 31 17:26:49 UTC 2017
Most container runtimes create new session keyrings per container as
well, idk if that helps
On Wed, May 31, 2017 at 6:25 PM, Michał Zegan
<webczat_200 at poczta.onet.pl> wrote:
>
>
> W dniu 31.05.2017 o 19:14, Jessica Frazelle pisze:
>> On Wed, May 31, 2017 at 5:58 PM, Michał Zegan
>> <webczat_200 at poczta.onet.pl> wrote:
>>>
>>>
>>> W dniu 31.05.2017 o 17:23, Jessica Frazelle pisze:
>>>> You can catch up here[1] wrt the keyring and userns, David Howells is
>>>> working on more with the keyring currently[2] seems like from the set
>>>> of patches.
>>>>
>>>> [1] https://patchwork.kernel.org/patch/9394983/
>>> this patch is still in new state so not merged, hmm
>>
>> The state today is as described in that patch, which also goes over
>> the problems and designs. as well as the other link given which has
>> the more recent work.
>>
> so from what I've read in this patch, in the mailing list and even in
> the code it seems that the only really namespaced thing for now are
> persistent keyrings, and other things require consideration. Unless
> there is something beyond kernel/user_namespace.c that I've missed.
>>>> [2] https://marc.info/?l=linux-cgroups&w=2&r=1&s=David+Howells&q=b
>>>>
>>>> On Wed, May 31, 2017 at 4:17 PM, Michał Zegan
>>>> <webczat_200 at poczta.onet.pl> wrote:
>>>>>
>>>>>
>>>>> W dniu 31.05.2017 o 17:05, Jessica Frazelle pisze:
>>>>>>> 3 - keys, keyrings? are they namespace aware or not? I am quite lost in
>>>>>>> that regard, because I happen to hear conflicting statements.
>>>>>>
>>>>>> If you are using user namespaces, the keyring is namespaced.
>>>>>>
>>>>>>
>>>>>>
>>>>> so, from which kernel version is it namespaced? and, if it really is
>>>>> namespaced, then does it mean the only thing not currently resolved is
>>>>> request_key?
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
--
Jessie Frazelle
4096R / D4C4 DD60 0D66 F65A 8EFC 511E 18F3 685C 0022 BFF3
pgp.mit.edu
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list