From ad36e96a3d54667dcde6f124a8c36d8e7bdbc4a3 Mon Sep 17 00:00:00 2001
From: Maximilian Blenk
Date: Wed, 29 Jan 2020 18:10:38 +0100
Subject: [PATCH] doc: Add doc for keyring options

Signed-off-by: Maximilian Blenk
---
 doc/lxc.container.conf.sgml.in | 38 ++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
index 784f83373..8dcadf7c5 100644
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -1932,6 +1932,44 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 lxc.selinux.context = system_u:system_r:lxc_t:s0:c22
+
+
+
+
+
+
+ Specify the SELinux context under which the container's keyring
+ should be created. By default this the same as lxc.selinux.context, or
+ the the context lxc is executed under if lxc.selinux.context has not been set.
+
+ lxc.selinux.context.keyring = system_u:system_r:lxc_t:s0:c22
+
+
+
+
+
+
+ Kernel Keyring
+
+ The Linux Keyring facility is primarily a way for various
+ kernel components to retain or cache security data, authentication
+ keys, encryption keys, and other data in the kernel. By default lxc
+ will create a new session keyring for the started application.
+
+
+
+
+
+
+
+
+ Disable the creation of new session keyring by lxc. The started
+ application will then inherit the current session keyring.
+ By default, or when passing the value 1, a new keyring will be created.
+
+ lxc.keyring.session = 0
+
+
--
2.47.2