diff for duplicates of <1495656774.3841.72.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index f25271a..a3164a2 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -10,13 +10,13 @@ On Thu, 2017-05-11 at 10:59 -0300, Guilherme Magalhaes wrote: The design needs to be flexible enough for different types of containers, not just for when the orchestration layer provides the -policy. ?With this design, the container owner has no control over the +policy. With this design, the container owner has no control over the policy. One option is that we bind mount the securityfs/policy, so that root -in the container will be allowed to read/write the policy. ?At some +in the container will be allowed to read/write the policy. At some point, we might connect a vTPM to the container so that the container -owner would be able to get a quote. ?For now even without a vTPM, the +owner would be able to get a quote. For now even without a vTPM, the same mechanism would allow root within the container to read the measurement list. @@ -269,10 +269,3 @@ Mimi > +#endif > return -1; > } - - - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 2c2d946..89b9c28 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -1,9 +1,21 @@ "ref\01494511203-8397-1-git-send-email-guilherme.magalhaes@hpe.com\0" "ref\01494511203-8397-5-git-send-email-guilherme.magalhaes@hpe.com\0" - "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" - "Subject\0[RFC 04/11] ima: add support to namespace securityfs file\0" + "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" + "Subject\0Re: [RFC 04/11] ima: add support to namespace securityfs file\0" "Date\0Wed, 24 May 2017 16:12:54 -0400\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Guilherme Magalhaes <guilherme.magalhaes@hpe.com>" + " dmitry.kasatkin@gmail.com\0" + "Cc\0viro@zeniv.linux.org.uk" + james.l.morris@oracle.com + serge@hallyn.com + linux-fsdevel@vger.kernel.org + linux-kernel@vger.kernel.org + linux-ima-devel@lists.sourceforge.net + linux-ima-user@lists.sourceforge.net + linux-security-module@vger.kernel.org + tycho@docker.com + joaquims@hpe.com + " nigel.edwards@hpe.com\0" "\00:1\0" "b\0" "On Thu, 2017-05-11 at 10:59 -0300, Guilherme Magalhaes wrote:\n" @@ -18,13 +30,13 @@ "\n" "The design needs to be flexible enough for different types of\n" "containers, not just for when the orchestration layer provides the\n" - "policy. ?With this design, the container owner has no control over the\n" + "policy. \302\240With this design, the container owner has no control over the\n" "policy.\n" "\n" "One option is that we bind mount the securityfs/policy, so that root\n" - "in the container will be allowed to read/write the policy. ?At some\n" + "in the container will be allowed to read/write the policy. \302\240At some\n" "point, we might connect a vTPM to the container so that the container\n" - "owner would be able to get a quote. ?For now even without a vTPM, the\n" + "owner would be able to get a quote. \302\240For now even without a vTPM, the\n" "same mechanism would allow root within the container to read the\n" "measurement list.\n" "\n" 
@@ -276,13 +288,6 @@ "> +\tsecurityfs_remove(ima_namespaces);\n" "> +#endif\n" "> \treturn -1;\n" - "> }\n" - "\n" - "\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + > } -e8324235cd9df0c97625c6c37e997c5568ff7003878655b11cd0c5e40a16dcf7 +2c333344b8d0561f3ba8d8401c7ed253daa74a29caf3a7cf9db5eee65fe3ee69
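Review bot: in the content_digest hunk at @@ -18,13 +30,13 @@, the a/ side carries a literal ? in "policy. ?With", "policy. ?At some" and "a quote. ?For now", where the N1 side has \302\240, the UTF-8 encoding of a non-breaking space. The ? is a lossy substitution, so the original byte cannot be recovered from the a/ copy. Treat N1 as the reference text when quoting or hashing this message. The other body difference, in the last hunk, is only the removal of the mailing-list unsubscribe footer after the quoted "> }", so the quoted patch lines visible here (securityfs_remove(ima_namespaces), #endif, return -1) are the same in both copies.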