Re: [PATCH v4] Introduce v3 namespaced file capabilities
From: Tycho Andersen
Date: Tue Jun 13 2017 - 17:10:06 EST
On Tue, Jun 13, 2017 at 04:59:30PM -0400, Mimi Zohar wrote:
> Assuming you want to support container specific executables, you would
> want them specifically signed by a key not on the system IMA keyring.
Yes, this is a good point.
Cheers,
Tycho