diff for duplicates of <1498174161.7636.4.camel@HansenPartnership.com> diff --git a/a/1.txt b/N1/1.txt index a872c0f..6ce3635 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -9,11 +9,11 @@ On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote: > name when a user namespace is used. If for example the root user > in a user namespace writes the security.capability xattr, the name > of the xattr that is actually written is encoded as -> security.capability at uid=1000 for root mapped to uid 1000 on the host. +> security.capability(a)uid=1000 for root mapped to uid 1000 on the host. > When listing the xattrs on the host, the existing security.capability -> as well as the security.capability at uid=1000 will be shown. Inside the +> as well as the security.capability(a)uid=1000 will be shown. Inside the > namespace only 'security.capability', with the value of -> security.capability at uid=1000, is visible. +> security.capability(a)uid=1000, is visible. I'm a bit bothered by the @uid=1000 suffix. What if I want to use this capability but am dynamically mapping the namespaces (i.e. I know I @@ -30,9 +30,3 @@ specific xattrs based on where root is mapped to, unless there's a use case I'm missing? James - - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index a0b4048..e4f19eb 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,9 +1,9 @@ "ref\01498157989-11814-1-git-send-email-stefanb@linux.vnet.ibm.com\0" - "From\0James.Bottomley@hansenpartnership.com (James Bottomley)\0" - "Subject\0[PATCH 0/3] Enable namespaced file capabilities\0" + "From\0James Bottomley <James.Bottomley@hansenpartnership.com>\0" + "Subject\0Re: [PATCH 0/3] Enable namespaced file capabilities\0" "Date\0Thu, 22 Jun 2017 16:29:21 -0700\0" - "To\0linux-security-module@vger.kernel.org\0" - "\00:1\0" + "To\0lkp@lists.01.org\0" + "\01:1\0" "b\0" "On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote:\n" "> This series of patches primary goal is to enable file capabilities\n" @@ -16,11 +16,11 @@ "> name when a user namespace is used. If for example the root user\n" "> in a user namespace writes the security.capability xattr, the name\n" "> of the xattr that is actually written is encoded as\n" - "> security.capability at uid=1000 for root mapped to uid 1000 on the host.\n" + "> security.capability(a)uid=1000 for root mapped to uid 1000 on the host.\n" "> When listing the xattrs on the host, the existing security.capability\n" - "> as well as the security.capability at uid=1000 will be shown. Inside the\n" + "> as well as the security.capability(a)uid=1000 will be shown. Inside the\n" "> namespace only 'security.capability', with the value of\n" - "> security.capability at uid=1000, is visible.\n" + "> security.capability(a)uid=1000, is visible.\n" "\n" "I'm a bit bothered by the @uid=1000 suffix. What if I want to use this\n" "capability but am dynamically mapping the namespaces (i.e. I know I\n" @@ -36,12 +36,6 @@ "specific xattrs based on where root is mapped to, unless there's a use\n" "case I'm missing?\n" "\n" - "James\n" - "\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + James -50d14d8566b30e29215ee2b5d4b056365d111001297bc7568d656d6f67b86631 +062b3ae4f19a0f34bdd3c2a5367bf99b61af5e1842bcada76ff2576d99593672
diff --git a/a/1.txt b/N2/1.txt index a872c0f..1656f6f 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -9,11 +9,11 @@ On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote: > name when a user namespace is used. If for example the root user > in a user namespace writes the security.capability xattr, the name > of the xattr that is actually written is encoded as -> security.capability at uid=1000 for root mapped to uid 1000 on the host. +> security.capability@uid=1000 for root mapped to uid 1000 on the host. > When listing the xattrs on the host, the existing security.capability -> as well as the security.capability at uid=1000 will be shown. Inside the +> as well as the security.capability@uid=1000 will be shown. Inside the > namespace only 'security.capability', with the value of -> security.capability at uid=1000, is visible. +> security.capability@uid=1000, is visible. I'm a bit bothered by the @uid=1000 suffix. What if I want to use this capability but am dynamically mapping the namespaces (i.e. I know I @@ -30,9 +30,3 @@ specific xattrs based on where root is mapped to, unless there's a use case I'm missing? James - - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index a0b4048..638f815 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -1,8 +1,20 @@ "ref\01498157989-11814-1-git-send-email-stefanb@linux.vnet.ibm.com\0" - "From\0James.Bottomley@hansenpartnership.com (James Bottomley)\0" - "Subject\0[PATCH 0/3] Enable namespaced file capabilities\0" + "From\0James Bottomley <James.Bottomley@hansenpartnership.com>\0" + "Subject\0Re: [PATCH 0/3] Enable namespaced file capabilities\0" "Date\0Thu, 22 Jun 2017 16:29:21 -0700\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Stefan Berger <stefanb@linux.vnet.ibm.com>" + ebiederm@xmission.com + " containers@lists.linux-foundation.org\0" + "Cc\0lkp@01.org" + xiaolong.ye@intel.com + linux-kernel@vger.kernel.org + zohar@linux.vnet.ibm.com + serge@hallyn.com + tycho@docker.com + christian.brauner@mailbox.org + vgoyal@redhat.com + amir73il@gmail.com + " linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote:\n" @@ -16,11 +28,11 @@ "> name when a user namespace is used. If for example the root user\n" "> in a user namespace writes the security.capability xattr, the name\n" "> of the xattr that is actually written is encoded as\n" - "> security.capability at uid=1000 for root mapped to uid 1000 on the host.\n" + "> security.capability@uid=1000 for root mapped to uid 1000 on the host.\n" "> When listing the xattrs on the host, the existing security.capability\n" - "> as well as the security.capability at uid=1000 will be shown. Inside the\n" + "> as well as the security.capability@uid=1000 will be shown. Inside the\n" "> namespace only 'security.capability', with the value of\n" - "> security.capability at uid=1000, is visible.\n" + "> security.capability@uid=1000, is visible.\n" "\n" "I'm a bit bothered by the @uid=1000 suffix. What if I want to use this\n" "capability but am dynamically mapping the namespaces (i.e. I know I\n" @@ -36,12 +48,6 @@ "specific xattrs based on where root is mapped to, unless there's a use\n" "case I'm missing?\n" "\n" - "James\n" - "\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + James -50d14d8566b30e29215ee2b5d4b056365d111001297bc7568d656d6f67b86631 +eb3df01c4ba7b973f150b66532db97b585c90764612170563102f75d9320373f
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.