yes. If I understand correct key management requires containerization (i.e. "virtualization") as well other subsystems like IPC dealing with IDs. Processes from one container should not be able to access keys from another container. David Howells wrote: > Am I right in thinking that a UID in one container is not necessarily > equivalent to the numerically equivalent UID in another container? > > If that's the case then the key management code will need changing as it > assumes all keys belonging to one numeric UID eat out of the same quota and > the numeric UIDs are used in security checks. > > Furthermore, processes in one container can access keys created by a process > in another container by ID. Is this desirable or not? > > David > _______________________________________________ > Containers mailing list > Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx > https://lists.linux-foundation.org/mailman/listinfo/containers > _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
