Well, you can read user_namespaces(7), the beginning of it at least. It
probably says something about keyrings. So either this info is
incorrect, or I for example understand it wrongly, or whatever.
Also, you know, when you say that currently containers have holes and so
are still not really secure
Why do you turn off keyrings? At least manpages say that userns
virtualizes keyrings or something similar...
On 11.11.2016 at 19:24, Lennart Poettering wrote:
> On Fri, 11.11.16 19:21, Michał Zegan (webczat_...@poczta.onet.pl) wrote:
>
>> audit/autofs are not properly virtualized, I know. But
On Fri, 11.11.16 19:36, Michał Zegan (webczat_...@poczta.onet.pl) wrote:
> Why do you turn off keyrings? At least manpages say that userns
> virtualizes keyrings or something similar...
That'd be a new feature then...
Lennart
--
Lennart Poettering, Red Hat
On Fri, 11.11.16 19:21, Michał Zegan (webczat_...@poczta.onet.pl) wrote:
> audit/autofs are not properly virtualized, I know. But I thought
> keyrings and cgroups are.
Most container managers turn off keyrings entirely (as we do in nspawn
actually).
delegating controllers in cgroupsv1 is
audit/autofs are not properly virtualized, I know. But I thought
keyrings and cgroups are.
On 11.11.2016 at 18:28, Lennart Poettering wrote:
> On Fri, 11.11.16 16:41, Michał Zegan (webczat_...@poczta.onet.pl) wrote:
>
>> Thank you for your answers!
>>
>> What I meant by secure containers is
On Fri, 11.11.16 16:41, Michał Zegan (webczat_...@poczta.onet.pl) wrote:
> Thank you for your answers!
>
> What I meant by secure containers is mostly, containers that are or will
> be secure enough to use them for things like virtual private server
> hosting. Is nspawn intended to be usable for
Thank you for your answers!
What I meant by secure containers is mostly, containers that are or will
be secure enough to use them for things like virtual private server
hosting. Is nspawn intended to be usable for such things in the future,
or maybe it already is, or whatever?
What kernel
On Wed, 09.11.16 18:24, Michał Zegan (webczat_...@poczta.onet.pl) wrote:
> Hello.
>
> Does systemd-nspawn intend to be a full secure container technology? Or
> it maybe already is? What is missing?
I am not sure what "full secure container technology" really is
supposed to mean.
nspawn right