9-11 September 2019
Europe/Lisbon timezone

Using kernel keyrings with containers

10 Sep 2019, 17:00
30m
Jade-room-I&II (Corinthia Hotel Lisbon)


Speaker

Mr David Howells (Red Hat)

Description

The kernel contains a keyrings facility for holding tokens (keys) on behalf of filesystems and other kernel services. It is frequently disabled in container environments, however, because it was never made namespace-aware by the authors of the user namespace and the other namespaces.

Unfortunately, this gap prevents various things from working inside containers. To get around it, keys are now being tagged with a namespace tag, which allows keys belonging to different namespaces to coexist in the same keyring, and restrictions have been placed on joining session keyrings across namespaces.

This still isn't sufficient to make keyrings truly useful inside containers. Intended future developments include: granting a container a permit to use a key; adding per-container keyrings; and namespacing the request-key upcall.

Primary author

Mr David Howells (Red Hat)

Presentation Materials

There are no materials yet.