diff for duplicates of <1496418474.13822.6.camel@redhat.com> diff --git a/a/1.txt b/N1/1.txt index 0c2b939..73965c6 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -66,7 +66,7 @@ That's the ultimate problem I'd like to see solved here. > Docker does it, so does flatpak: > https://github.com/flatpak/flatpak/blob/ea7077fcd431fb98fe85cd815cbd2ec13df58d09/common/flatpak-run.c#L4007 > and Chrome: -> https://cs.chromium.org/chromium/src/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc?q=keyctl&dr=C&l=791 +> https://cs.chromium.org/chromium/src/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc?q=keyctl&dr=C&ly1 > > But I'm a bit uncertain about *relying* on the seccomp filtering. Particularly > because we do want the "init container" approach to work and be able @@ -101,8 +101,4 @@ to containers that you trust to register a sane handler. CAP_SYS_ADMIN could include that capability, of course. -- -Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> --- -To unsubscribe from this list: send the line "unsubscribe linux-nfs" in -the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org -More majordomo info at http://vger.kernel.org/majordomo-info.html +Jeff Layton <jlayton@redhat.com> diff --git a/a/content_digest b/N1/content_digest index fc63b1a..77b3008 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -2,20 +2,19 @@ "ref\0149616052408.10194.7774163568767478808.stgit@warthog.procyon.org.uk\0" "ref\03412.1496242065@warthog.procyon.org.uk\0" "ref\01496244979.313075.994296480.7C5735E8@webmail.messagingengine.com\0" - "ref\01496244979.313075.994296480.7C5735E8-2RFepEojUI2N1INw9kWLP6GC3tUn3ZHUQQ4Iyu8u01E@public.gmane.org\0" - "From\0Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>\0" + "From\0Jeff Layton <jlayton@redhat.com>\0" "Subject\0Re: [RFC PATCH] KEYS: Allow a live daemon in a namespace to service request_key upcalls\0" - "Date\0Fri, 02 Jun 2017 11:47:54 -0400\0" - "To\0Colin Walters <walters-gPq2gbYjIk8dnm+yROfE0A@public.gmane.org>" - " David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>\0" - "Cc\0James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org" - ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org - linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org - linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - " cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org\0" + "Date\0Fri, 02 Jun 2017 15:47:54 +0000\0" + "To\0Colin Walters <walters@verbum.org>" + " David Howells <dhowells@redhat.com>\0" + "Cc\0James.Bottomley@hansenpartnership.com" + ebiederm@xmission.com + linux-nfs@vger.kernel.org + containers@lists.linux-foundation.org + linux-kernel@vger.kernel.org + keyrings@vger.kernel.org + linux-fsdevel@vger.kernel.org + " cgroups@vger.kernel.org\0" "\00:1\0" "b\0" "On Wed, 2017-05-31 at 11:36 -0400, Colin Walters wrote:\n" @@ -86,7 +85,7 @@ "> Docker does it, so does flatpak:\n" "> https://github.com/flatpak/flatpak/blob/ea7077fcd431fb98fe85cd815cbd2ec13df58d09/common/flatpak-run.c#L4007\n" "> and Chrome:\n" - "> https://cs.chromium.org/chromium/src/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc?q=keyctl&dr=C&l=791\n" + "> https://cs.chromium.org/chromium/src/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc?q=keyctl&dr=C&ly1\n" "> \n" "> But I'm a bit uncertain about *relying* on the seccomp filtering. Particularly\n" "> because we do want the \"init container\" approach to work and be able\n" @@ -121,10 +120,6 @@ "could include that capability, of course.\n" "\n" "-- \n" - "Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-nfs\" in\n" - "the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Jeff Layton <jlayton@redhat.com> -bce54f158f5a6867b17b683835dd45ee50c894d08d1dab6b8cabd3aa0d1eee64 +605d6da55c3becf1a80d9f2ea6958f86173d62332d6d0c19d3713183236761a0
diff --git a/a/1.txt b/N2/1.txt index 0c2b939..b317e42 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -101,8 +101,4 @@ to containers that you trust to register a sane handler. CAP_SYS_ADMIN could include that capability, of course. -- -Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> --- -To unsubscribe from this list: send the line "unsubscribe linux-nfs" in -the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org -More majordomo info at http://vger.kernel.org/majordomo-info.html +Jeff Layton <jlayton@redhat.com> diff --git a/a/content_digest b/N2/content_digest index fc63b1a..584927d 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -2,20 +2,19 @@ "ref\0149616052408.10194.7774163568767478808.stgit@warthog.procyon.org.uk\0" "ref\03412.1496242065@warthog.procyon.org.uk\0" "ref\01496244979.313075.994296480.7C5735E8@webmail.messagingengine.com\0" - "ref\01496244979.313075.994296480.7C5735E8-2RFepEojUI2N1INw9kWLP6GC3tUn3ZHUQQ4Iyu8u01E@public.gmane.org\0" - "From\0Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>\0" + "From\0Jeff Layton <jlayton@redhat.com>\0" "Subject\0Re: [RFC PATCH] KEYS: Allow a live daemon in a namespace to service request_key upcalls\0" "Date\0Fri, 02 Jun 2017 11:47:54 -0400\0" - "To\0Colin Walters <walters-gPq2gbYjIk8dnm+yROfE0A@public.gmane.org>" - " David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>\0" - "Cc\0James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org" - ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org - linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org - linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - " cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org\0" + "To\0Colin Walters <walters@verbum.org>" + " David Howells <dhowells@redhat.com>\0" + "Cc\0James.Bottomley@hansenpartnership.com" + ebiederm@xmission.com + linux-nfs@vger.kernel.org + containers@lists.linux-foundation.org + linux-kernel@vger.kernel.org + keyrings@vger.kernel.org + linux-fsdevel@vger.kernel.org + " cgroups@vger.kernel.org\0" "\00:1\0" "b\0" "On Wed, 2017-05-31 at 11:36 -0400, Colin Walters wrote:\n" @@ -121,10 +120,6 @@ "could include that capability, of course.\n" "\n" "-- \n" - "Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-nfs\" in\n" - "the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Jeff Layton <jlayton@redhat.com> -bce54f158f5a6867b17b683835dd45ee50c894d08d1dab6b8cabd3aa0d1eee64 +06fda3f56baf5a1e0977b7101df2ff8cfcbe77390669279cfe837b9934564b96
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.