Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:

> So you missed the main mailing lists for discussion of this kind of
> thing

Yeah, sorry about that. I was primarily aiming it at Trond and Steve as I'd like to consider how to go about interpolating request_key() into NFS and CIFS so that they can make use of the key-related facilities that this makes available with AFS. And I was a bit tight for time to mail it out before having to go out. I know, excuses... ;-)

> and the maintainer.

That would be me. I maintain keyrings. No one is listed in MAINTAINERS as owning namespaces. If you feel that should be you, please add a record.

> Looking at your description you are introducing a container id.

Yes. For audit logging, which was why I cc'd Richard.

> You don't describe which namespace your container id lives in.

It doesn't. Not everything has to have a namespace. As you yourself pointed out, it should be globally unique, in which case the world is the namespace, maybe even the universe ;-).

> Without the container id living in a container this breaks
> nested containers and process migration aka CRIU.

As long as IDs are globally unique, why should that break container migration? Having a kernel container object might even make CRIU easier.

And what does "Without the container id living in a container" mean anyway? I have IDs attached to containers. A container can see the IDs of its child containers. There should be no problem with nesting.

David