From: me@jessfraz.com (Jessica Frazelle)
To: linux-security-module@vger.kernel.org
Subject: namespaces todo list?
Date: Wed, 31 May 2017 18:26:49 +0100
Message-ID: <CAEk6tEzR6-+8ecEEVsS3QHTtqostmk7Aj8o31m2af17mnibB8Q@mail.gmail.com>
In-Reply-To: <b4463d8c-dece-babe-42d8-58f23b2a6cd6@poczta.onet.pl>

Most container runtimes create new session keyrings per container as
well, idk if that helps

On Wed, May 31, 2017 at 6:25 PM, Michał Zegan
<webczat_200@poczta.onet.pl> wrote:
>
>
> On 31.05.2017 at 19:14, Jessica Frazelle wrote:
>> On Wed, May 31, 2017 at 5:58 PM, Michał Zegan
>> <webczat_200@poczta.onet.pl> wrote:
>>>
>>>
>>> On 31.05.2017 at 17:23, Jessica Frazelle wrote:
>>>> You can catch up here[1] wrt the keyring and userns, David Howells is
>>>> working on more with the keyring currently[2] seems like from the set
>>>> of patches.
>>>>
>>>> [1] https://patchwork.kernel.org/patch/9394983/
>>> this patch is still in new state so not merged, hmm
>>
>> The state today is as described in that patch, which also goes over
>> the problems and designs. as well as the other link given which has
>> the more recent work.
>>
> so from what I've read in this patch, in the mailing list and even in
> the code it seems that the only really namespaced thing for now are
> persistent keyrings, and other things require consideration. Unless
> there is something beyond kernel/user_namespace.c that I've missed.
>>>> [2] https://marc.info/?l=linux-cgroups&w=2&r=1&s=David+Howells&q=b
>>>>
>>>> On Wed, May 31, 2017 at 4:17 PM, Michał Zegan
>>>> <webczat_200@poczta.onet.pl> wrote:
>>>>>
>>>>>
>>>>> On 31.05.2017 at 17:05, Jessica Frazelle wrote:
>>>>>>> 3 - keys, keyrings? are they namespace aware or not? I am quite lost in
>>>>>>> that regard, because I happen to hear conflicting statements.
>>>>>>
>>>>>> If you are using user namespaces, the keyring is namespaced.
>>>>>>
>>>>>>
>>>>>>
>>>>> so, from which kernel version is it namespaced? and, if it really is
>>>>> namespaced, then does it mean the only thing not currently resolved is
>>>>> request_key?
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
--
Jessie Frazelle
4096R / D4C4 DD60 0D66 F65A 8EFC 511E 18F3 685C 0022 BFF3
pgp.mit.edu