[Devel] Re: [PATCH 0/3] keys: play nicely with user namespaces
David Howells
dhowells at redhat.com
Fri Dec 12 08:42:06 PST 2008
Serge E. Hallyn <serue at us.ibm.com> wrote:
> > I'm not sure, and that raises an interesting point. How do you alter the
> > UID and GID of keys that you're copying? You may have a set of keys with
> > different UIDs, for example.
>
> In fact that's the expectation, else why bother creating a new user
> namespace :)
>
> Ok so my preference is to keep them segregated and always empty on
> clone(CLONE_NEWUSER), and it sounds like that's the sanest thing right
> now. Please shout if I'm misunderstanding.

I think you're misunderstanding.

You can have, say, a keyring owned by UID 1, with three keys owned by UIDs 2,
3 and 4, respectively, and you could be, say, running as UID 5.

If you want to copy this keyring and these keys, do you just set the ownership
of the copies to your new UID? That might give you extra privileges.

David
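
The ownership question raised in the message above, as an added example that is not part of the original e-mail or of the kernel patch set: a simplified model of the key permission check applied to the keys owned by UIDs 2, 3 and 4 with a caller running as UID 5. The struct, the policy names and the owner-only permission mask are assumptions made for illustration, and possession is left out so that only the ownership bits decide.

```c
#include <stdint.h>
#include <stdio.h>

/* Need bits and per-class shifts follow the kernel key permission mask layout. */
#define KEY_VIEW 0x01u
#define KEY_READ 0x02u
#define KEY_ALL  0x3fu
#define POS_SHIFT 24
#define USR_SHIFT 16
#define GRP_SHIFT 8

struct model_key { uint32_t uid, gid, perm; };   /* simplified model, not struct key */

enum copy_policy { COPY_KEEP_OWNER, COPY_CHOWN_TO_CALLER };  /* hypothetical names */

/* Simplified permission check: pick owner/group/other bits, add possessor bits. */
static int key_allows(const struct model_key *k, uint32_t uid, uint32_t gid,
                      int possessed, uint32_t need)
{
    uint32_t kperm;
    if (k->uid == uid)      kperm = k->perm >> USR_SHIFT;
    else if (k->gid == gid) kperm = k->perm >> GRP_SHIFT;
    else                    kperm = k->perm;
    if (possessed)          kperm |= k->perm >> POS_SHIFT;
    return (kperm & need & KEY_ALL) == need;
}

/* Constructed sample: keys owned by UIDs 2, 3, 4, owner-only view+read; caller is UID 5. */
static int readable_by_caller(int do_copy, enum copy_policy policy)
{
    const uint32_t caller = 5, owner_only = (KEY_VIEW | KEY_READ) << USR_SHIFT;
    struct model_key keys[3] = { {2, 2, owner_only}, {3, 3, owner_only}, {4, 4, owner_only} };
    int i, n = 0;
    for (i = 0; i < 3; i++) {
        struct model_key k = keys[i];
        if (do_copy && policy == COPY_CHOWN_TO_CALLER)
            k.uid = k.gid = caller;              /* ownership rewritten on copy */
        n += key_allows(&k, caller, caller, 0, KEY_READ);
    }
    return n;
}

int main(void)
{
    printf("before copy:            %d\n", readable_by_caller(0, COPY_KEEP_OWNER));
    printf("copy, owner preserved:  %d\n", readable_by_caller(1, COPY_KEEP_OWNER));
    printf("copy, chown to caller:  %d\n", readable_by_caller(1, COPY_CHOWN_TO_CALLER));
    return 0;
}
```

In this model the caller can read none of the three keys before the copy or when the copy preserves ownership, and all three once the copy reassigns ownership to the caller.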