Serge E. Hallyn <serue@xxxxxxxxxx> wrote:

> > I'm not sure, and that raises an interesting point. How do you alter the
> > UID and GID of keys that you're copying? You may have a set of keys with
> > different UIDs, for example.
>
> In fact that's the expectation, else why bother creating a new user
> namespace :)
>
> Ok so my preference is to keep them segregated and always empty on
> clone(CLONE_NEWUSER), and it sounds like that's the sanest thing right
> now. Please shout if I'm misunderstanding.

I think you're misunderstanding. You can have, say, a keyring owned by UID 1,
with three keys owned by UIDs 2, 3 and 4, respectively, and you could be, say,
running as UID 5. If you want to copy this keyring and these keys, do you just
set the ownership of the copies to your new UID? That might give you extra
privileges.

David
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers