Well, you can read user_namespaces(7), the beginning of it at least. It probably says something about keyrings. So either this info is incorrect, or I, for example, understand it wrongly, or whatever. Also, you know, when you say that currently containers have holes and so are still not really secure, I don't actually see any example of that except this small number of things you just cannot do there at all (for example use/access audit, or use fuse/file capabilities), and those, like cgroups, that are work in progress at this very moment. Well, file caps are also work in progress at the moment, I believe; I saw some patches lately. I don't see such problems probably because I am not a security expert and I am not working with any kind of servers/containers in production; this technology is just extremely interesting for me.
On 11.11.2016 at 19:41, Lennart Poettering wrote:
> On Fri, 11.11.16 19:36, Michał Zegan (webczat_...@poczta.onet.pl) wrote:
>
>> Why do you turn off keyrings? at least manpages say that userns
>> virtualizes keyrings or something similar...
>
> That'd be a new feature then...
>
> Lennart
>
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel