Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:

> ... Perhaps we could simply *remove* the concept of named keys and keyrings.

See Linus's dictum about breaking userspace.

The problem isn't named keys: keys have to be named - the description is how they're looked up typically. Further, non-keyring keys can't be looked up directly by name - you have to search for them in a keyring.

The issue here is named keyrings and keyctl_join_session_keyring(). It might well have been a bad idea - though I've seen some people arguing for a single session keyring shared across all a user's logins, in which case, we might want this after all (or use the user-default session).

One thing we perhaps do want to do, though, is restrict the names of keyrings to the user_namespace in which the keyring was created.

David
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers