On Mon, 2014-12-08 at 15:59 -0600, Eric W. Biederman wrote:
> David Howells <dhowells@xxxxxxxxxx> writes:
>
> > Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> >
> >> - How should LSM security labels be translated?
> >
> > I'm definitely interested in that. Especially with respect to how to deal
> > with SELinux + overlay{fs,}/unionmount.
> >
> > Also, I'm interested in how keyrings should interact with namespaces. Should
> > keys be namespaced?
>
> Key lookups are already per user namespace, so I would call that
> namespaced. We do have the question with keys, should we allow
> duplicate key values so that checkpoint/restart can carry keys between
> different kernels.
>
> > And I'm also interested in how upcalls, including to /sbin/request-key, should
> > be dealt with.
>
> Good question. There is some ongoing discussion on that right now.

Aren't the upcalls exactly the same problem as NFS in a container (which
uses daemon upcalls). Can the existing solution for that be generalised?

James