Re: 'su' in a Docker container -> AVC

On 06/18/2015 09:15 AM, Laurent Rineau wrote:
> On Thursday 18 June 2015 08:41:51 Daniel J Walsh wrote:
>> Actually this is a known problem with kernel keyrings not being
>> namespace aware.  Since the crond process created the keyring, root
>> processes within the container are trying to use it and SELinux is
>> blocking the access. We should probably just dontaudit access to the
>> kernel keyring until we can get a keyring that works with namespaces.
> Should I file a bug report, or will you deal with this yourself?
>
Bug has been filed for a while, but little action on it.

http://www.projectatomic.io/blog/2014/09/yet-another-reason-containers-don-t-contain-kernel-keyrings/

https://bugzilla.redhat.com/show_bug.cgi?id=1138601

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux