From: "Serge E. Hallyn"
Subject: [PATCH 0/3] keys: play nicely with user namespaces
Date: Thu, 11 Dec 2008 17:23:23 -0600
Message-ID: <20081211232323.GA8343@us.ibm.com>
To: David Howells, "Eric W. Biederman"
Cc: Linux Containers
List-Id: containers.vger.kernel.org

Hi David,

so here is a first attempt at getting keys and uid namespaces to play nice. The semantics need some discussion. As I recall, Eric and yourself appeared to agree that some keyrings should be inherited into child user namespaces. I segregate them cleanly because that appears to be the simplest thing to do, especially given the use of, i.e., lookup_by_name("uid.500"). IMO it shouldn't be a big problem - userspace can always list the keys it wants into a file, start a new user namespace, then re-read them out of the tempfile...

Comments appreciated.

thanks,
-serge