From 3704ed9f5dc8f4c91dd9c0c23332e6106d462550 Mon Sep 17 00:00:00 2001 From: antitree Date: Mon, 17 Aug 2020 11:54:14 -0400 Subject: [PATCH 1/2] adding link to the line of code fix --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3c188f4..ac92c14 100644 --- a/README.md +++ b/README.md @@ -169,7 +169,10 @@ Lets not say that user namespacing is a solution when enabling it breaks so many **Everyone knows about this issue, this isn't new** That this isn't new is mostly true in that it's been discussed since 2014 but it's been considered generally fixed since -we added masks to `/proc/keys` and fixed it via seccomp. +Docker added masks to `/proc/keys` and fixed it via seccomp. Furthermore, people are doing great work to fix this and modern kernels +will have solved this by simpley checking the [UID of the syscall making the request to read a key](https://github.com/torvalds/linux/commit/ae5906ceee038ea29ff5162d1bcd18fb50af8b94#diff-6aa6955e244e0fd5e8b5449001823ab7R1755) +but at the time of writing this, most environments (including cloud) did not have this feature. So it's not new, but it's not +fixed either. **No one uses keyrings** @@ -181,6 +184,7 @@ containers in that every container can access any other container's keyrings inc 1. Ensure that your container runtimes have support for namespaced keyrings: [It's possible](https://lwn.net/Articles/779895/), if anyone cares. 2. Make some of the protections that seccomp provides like blocking `KEYCTL` syscalls completely a compiled in security control . 3. Make seccomp usable in our runtimes. (See separate rant) +4. Update to the latest kernel ## Known Issues From e2117b0685e9662996999175e8845a3618f67339 Mon Sep 17 00:00:00 2001 From: antitree Date: Tue, 18 Aug 2020 13:10:26 -0400 Subject: [PATCH 2/2] Removing unnecessary module --- .gitmodules | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
diff --git a/.gitmodules b/.gitmodules index bddce21..8b13789 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1 @@ -[submodule "example/docker-kerberos"] - path = example/docker-kerberos - url = git@github.com:ist-dsi/docker-kerberos.git +
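Review bot: In the README hunk at `@@ -169,7 +169,10 @@`, the added line `will have solved this by simpley checking the [UID of the syscall ...]` has a typo: "simpley" should be "simply". While touching that line, the claim "modern kernels will have solved this" would be easier to verify if it named the kernel release that carries the linked `torvalds/linux` commit rather than leaving it implicit; the sentence "but at the time of writing this, most environments (including cloud) did not have this feature" is the useful caveat, so keeping it is right.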
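Review bot: In the README hunk at `@@ -181,6 +184,7 @@`, the new list item `+4. Update to the latest kernel` is vaguer than the other three recommendations and is missing a trailing period for consistency with items 1 and 3. Since the first hunk already links the upstream commit that adds the UID check on key reads, suggest tying item 4 to it, e.g. "4. Update to a kernel that includes the UID check on keyring reads linked above." so a reader can confirm whether their kernel actually has the fix instead of assuming "latest" is sufficient.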
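Review bot: The `.gitmodules` hunk at `@@ -1,3 +1 @@` only edits the config file; the stat line `1 file changed, 1 insertion(+), 3 deletions(-)` shows the gitlink entry for `example/docker-kerberos` and any checked-out directory are left in the tree, so the repository will still carry a dangling submodule reference. Suggest removing it with `git rm example/docker-kerberos` (which also updates `.gitmodules`) and dropping the leftover `[submodule "example/docker-kerberos"]` section from `.git/config` locally. Also, the replacement content is a single blank line (`+` with nothing after it); if no submodules remain, an empty file or deleting `.gitmodules` entirely is cleaner than a file containing one empty line.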