Re: [RFC PATCH 00/27] Containers and using authenticated filesystems

2019-02-20 Thread Steve French
On Tue, Feb 19, 2019 at 5:42 PM David Howells wrote: > > Eric W. Biederman wrote: > > > So you missed the main mailing lists for discussion of this kind of > > thing > > Yeah, sorry about that. I was primarily aiming it at Trond and Steve as I'd > like to consider how to go about interpolating r

Re: [RFC PATCH 00/27] Containers and using authenticated filesystems

2019-02-20 Thread Christian Brauner
On Tue, Feb 19, 2019 at 10:35:20AM -0600, Eric W. Biederman wrote: > > So you missed the main mailing lists for discussion of this kind of > thing, and the maintainer. So I have reservations about the quality of > your due diligence already. > > Looking at your description you are introducing a

Re: [RFC PATCH 00/27] Containers and using authenticated filesystems

2019-02-19 Thread Paul Moore
On Tue, Feb 19, 2019 at 6:42 PM David Howells wrote: > Eric W. Biederman wrote: ... > > Looking at your description you are introducing a container id. > > Yes. For audit logging, which was why I cc'd Richard. Not to pile on, but it is more important to CC the audit mailing list. You can obvi

Re: [RFC PATCH 00/27] Containers and using authenticated filesystems

2019-02-19 Thread David Howells
Eric W. Biederman wrote: > So you missed the main mailing lists for discussion of this kind of > thing Yeah, sorry about that. I was primarily aiming it at Trond and Steve as I'd like to consider how to go about interpolating request_key() into NFS and CIFS so that they can make use of the key-

Re: [RFC PATCH 00/27] Containers and using authenticated filesystems

2019-02-19 Thread Eric W. Biederman
So you missed the main mailing lists for discussion of this kind of thing, and the maintainer. So I have reservations about the quality of your due diligence already. Looking at your description you are introducing a container id. You don't describe which namespace your container id lives in. Wi

Re: [RFC PATCH 00/27] Containers and using authenticated filesystems

2019-02-15 Thread James Morris
On Fri, 15 Feb 2019, David Howells wrote: > > Here's a collection of patches that containerises the kernel keys and makes > it possible to separate keys by namespace. This can be extended to any > filesystem that uses request_key() to obtain the pertinent authentication > token on entry to VFS o

[RFC PATCH 00/27] Containers and using authenticated filesystems

2019-02-15 Thread David Howells
Here's a collection of patches that containerises the kernel keys and makes it possible to separate keys by namespace. This can be extended to any filesystem that uses request_key() to obtain the pertinent authentication token on entry to VFS or socket methods. I have this working with AFS and