With runC we have a special flag for runc run that enables/disables the creation of a new kernel keyring. The main reason we have the option is that older kernels had issues with allocating a lot of keyrings (so in order to run containers on old kernels you need to disable the creation of a new keyring).
However, while keyrings aren't containerised on Linux, maybe it makes sense for us to include some keyring information in config-linux?