David Howells <dhowells@xxxxxxxxxx> wrote:

>  (2) If a process's user_namespace doesn't match that recorded in a key then
>      it gets ENOKEY if it tries to refer to it or access it and can't see it
>      in /proc/keys.

There's another possibility here - since user_namespaces are hierarchical,
does it make sense to let a process see keys that are in an ancestral
namespace?

David