I have given a look at the relevant sources for the fedora kernel (upstream it is just the same). It appears that nfsid keys should be created within the keyring
However they do still count toward the quota of root (whence the problem).
This is quite surprising and, unless I am misrepresenting the situation, it could be a bug somewhere else.
I have given a look at the relevant sources for the fedora kernel (upstream it is just the same). It appears that nfsid keys should be created within the keyring
keyring = key_alloc( &key_type_ keyring, ".id_resolver", 0, 0, cred,
(KEY_POS_ ALL & ~KEY_POS_SETATTR) |
KEY_USR_ VIEW | KEY_USR_READ,
KEY_ALLOC_ NOT_IN_ QUOTA);
in idmap.c
However they do still count toward the quota of root (whence the problem).
This is quite surprising and, unless I am misrepresenting the situation, it could be a bug somewhere else.