From: ebiederm@xmission.com (Eric W. Biederman)
Subject: Re: [LSF/MM TOPIC] Filesystem namespaces and uid/gid/lsm remapping
Date: Mon, 08 Dec 2014 15:59:12 -0600
Message-ID: <87ppbtrefj.fsf@x220.int.ebiederm.org>
References: <31764.1417802507@warthog.procyon.org.uk>
In-Reply-To: <31764.1417802507@warthog.procyon.org.uk> (David Howells's message of "Fri, 05 Dec 2014 18:01:47 +0000")
Cc: Andy Lutomirski, Linux FS Devel, lsf-pc@lists.linux-foundation.org, Seth Forshee, Lukasz Pawelczyk, Richard Weinberger
To: David Howells

David Howells writes:

> Andy Lutomirski wrote:
>
>> - How should LSM security labels be translated?
>
> I'm definitely interested in that. Especially with respect to how to deal
> with SELinux + overlay{fs,}/unionmount.
>
> Also, I'm interested in how keyrings should interact with namespaces. Should
> keys be namespaced?

Key lookups are already per user namespace, so I would call that
namespaced.

We do have the question with keys, should we allow duplicate key values
so that checkpoint/restart can carry keys between different kernels.

> And I'm also interested in how upcalls, including to /sbin/request-key, should
> be dealt with.

Good question. There is some ongoing discussion on that right now.

Eric