diff for duplicates of <1498237641.3641.15.camel@HansenPartnership.com> diff --git a/a/1.txt b/N1/1.txt index a460748..42ec0db 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,5 +1,5 @@ On Fri, 2017-06-23 at 11:30 -0500, Serge E. Hallyn wrote: -> Quoting Casey Schaufler (casey at schaufler-ca.com): +> Quoting Casey Schaufler (casey(a)schaufler-ca.com): > > Or maybe just security.ns.capability, taking James' comment into > > account. > @@ -20,21 +20,16 @@ I build an image locally, mapping my uid (1000) to root. If I begin with a standard base, each of the files has a security.ima signature. Now I add my layer, which involves updating a file, so I need to write a new signature to security.ima. Because I'm running user namespaced, -the update gets written at security.ima at uid=1000 when I do a docker +the update gets written at security.ima(a)uid=1000 when I do a docker save. Now supposing I deploy that image to a cloud. As a tenant, the cloud gives me real uid 4531 and maps that to root. Execution of the binary fails because it tries to use the underlying signature (in -security.ima) as there is no xattr named security.ima at uid=4531 +security.ima) as there is no xattr named security.ima(a)uid=4531 So my essential point is that building the real kuid into the permanent record of the xattr damages image portability, which is touted as one of the real advantages of container images. James - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 04cac16..9deddf6 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -1,16 +1,12 @@ - "ref\01498157989-11814-1-git-send-email-stefanb@linux.vnet.ibm.com\0" - "ref\0CAOQ4uxj=_Riih1K+QOYasZU8vZKCSrsg393f=17mJ2O-909e=Q@mail.gmail.com\0" - "ref\020170623160026.GA18257@mail.hallyn.com\0" - "ref\0aa62373e-7cd6-39dd-2e38-2b6d6dbe18a8@schaufler-ca.com\0" "ref\020170623163030.GA18820@mail.hallyn.com\0" - "From\0James.Bottomley@hansenpartnership.com (James Bottomley)\0" - "Subject\0[PATCH 0/3] Enable namespaced file capabilities\0" + "From\0James Bottomley <James.Bottomley@hansenpartnership.com>\0" + "Subject\0Re: [PATCH 0/3] Enable namespaced file capabilities\0" "Date\0Fri, 23 Jun 2017 10:07:21 -0700\0" - "To\0linux-security-module@vger.kernel.org\0" - "\00:1\0" + "To\0lkp@lists.01.org\0" + "\01:1\0" "b\0" "On Fri, 2017-06-23 at 11:30 -0500, Serge E. Hallyn wrote:\n" - "> Quoting Casey Schaufler (casey at schaufler-ca.com):\n" + "> Quoting Casey Schaufler (casey(a)schaufler-ca.com):\n" "> > Or maybe just security.ns.capability, taking James' comment into\n" "> > account.\n" "> \n" 
@@ -31,23 +27,18 @@ "with a standard base, each of the files has a security.ima signature. \n" " Now I add my layer, which involves updating a file, so I need to write\n" "a new signature to security.ima. Because I'm running user namespaced,\n" - "the update gets written at security.ima at uid=1000 when I do a docker\n" + "the update gets written at security.ima(a)uid=1000 when I do a docker\n" "save. \n" "\n" "Now supposing I deploy that image to a cloud. As a tenant, the cloud\n" "gives me real uid 4531 and maps that to root. Execution of the binary\n" "fails because it tries to use the underlying signature (in\n" - "security.ima) as there is no xattr named security.ima at uid=4531\n" + "security.ima) as there is no xattr named security.ima(a)uid=4531\n" "\n" "So my essential point is that building the real kuid into the permanent\n" "record of the xattr damages image portability, which is touted as one\n" "of the real advantages of container images.\n" "\n" - "James\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + James -8206f17f7bcef51deb1fd6c937fdd05a8961d8618c3d526c2764300b4bae078f +81aef3ce839303195d5123677d638b01982a4f48c9cec05edfc592b8cd11ea8e
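Review bot: in the 1.txt hunks the address obfuscation is applied to tokens that are not mail addresses: `security.ima at uid=1000` becomes `security.ima(a)uid=1000` and `security.ima at uid=4531` becomes `security.ima(a)uid=4531`, but those are xattr names (the `@` separates the attribute name from the uid suffix James is describing), so both the `at` and the `(a)` spellings misrepresent the identifier the message is about; the rewrite should be limited to the `From`/`To`/quoted-address fields, leaving the xattr names as `security.ima@uid=1000` and `security.ima@uid=4531`. In the content_digest hunk, the `+ James` line and the `- More majordomo info at ...` line appear without the surrounding `"..."` quoting and trailing `\n` used by every other body entry, so either the digest format is inconsistent here or the rendering has dropped the quotes; worth confirming before trusting the recomputed digest.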
diff --git a/a/1.txt b/N2/1.txt index a460748..2d54501 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -1,5 +1,5 @@ On Fri, 2017-06-23 at 11:30 -0500, Serge E. Hallyn wrote: -> Quoting Casey Schaufler (casey at schaufler-ca.com): +> Quoting Casey Schaufler (casey@schaufler-ca.com): > > Or maybe just security.ns.capability, taking James' comment into > > account. > @@ -20,21 +20,16 @@ I build an image locally, mapping my uid (1000) to root. If I begin with a standard base, each of the files has a security.ima signature. Now I add my layer, which involves updating a file, so I need to write a new signature to security.ima. Because I'm running user namespaced, -the update gets written at security.ima at uid=1000 when I do a docker +the update gets written at security.ima@uid=1000 when I do a docker save. Now supposing I deploy that image to a cloud. As a tenant, the cloud gives me real uid 4531 and maps that to root. Execution of the binary fails because it tries to use the underlying signature (in -security.ima) as there is no xattr named security.ima at uid=4531 +security.ima) as there is no xattr named security.ima@uid=4531 So my essential point is that building the real kuid into the permanent record of the xattr damages image portability, which is touted as one of the real advantages of container images. James - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index 04cac16..7994052 100644 --- a/a/content_digest +++ b/N2/content_digest 
@@ -3,14 +3,27 @@ "ref\020170623160026.GA18257@mail.hallyn.com\0" "ref\0aa62373e-7cd6-39dd-2e38-2b6d6dbe18a8@schaufler-ca.com\0" "ref\020170623163030.GA18820@mail.hallyn.com\0" - "From\0James.Bottomley@hansenpartnership.com (James Bottomley)\0" - "Subject\0[PATCH 0/3] Enable namespaced file capabilities\0" + "From\0James Bottomley <James.Bottomley@hansenpartnership.com>\0" + "Subject\0Re: [PATCH 0/3] Enable namespaced file capabilities\0" "Date\0Fri, 23 Jun 2017 10:07:21 -0700\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Serge E. Hallyn <serge@hallyn.com>" + " Casey Schaufler <casey@schaufler-ca.com>\0" + "Cc\0Amir Goldstein <amir73il@gmail.com>" + Stefan Berger <stefanb@linux.vnet.ibm.com> + Eric W. Biederman <ebiederm@xmission.com> + Linux Containers <containers@lists.linux-foundation.org> + lkp@01.org + xiaolong.ye@intel.com + linux-kernel <linux-kernel@vger.kernel.org> + Mimi Zohar <zohar@linux.vnet.ibm.com> + Tycho Andersen <tycho@docker.com> + christian.brauner@mailbox.org + Vivek Goyal <vgoyal@redhat.com> + " LSM List <linux-security-module@vger.kernel.org>\0" "\00:1\0" "b\0" "On Fri, 2017-06-23 at 11:30 -0500, Serge E. Hallyn wrote:\n" - "> Quoting Casey Schaufler (casey at schaufler-ca.com):\n" + "> Quoting Casey Schaufler (casey@schaufler-ca.com):\n" "> > Or maybe just security.ns.capability, taking James' comment into\n" "> > account.\n" "> \n" 
@@ -31,23 +44,18 @@ "with a standard base, each of the files has a security.ima signature. \n" " Now I add my layer, which involves updating a file, so I need to write\n" "a new signature to security.ima. Because I'm running user namespaced,\n" - "the update gets written at security.ima at uid=1000 when I do a docker\n" + "the update gets written at security.ima@uid=1000 when I do a docker\n" "save. \n" "\n" "Now supposing I deploy that image to a cloud. As a tenant, the cloud\n" "gives me real uid 4531 and maps that to root. Execution of the binary\n" "fails because it tries to use the underlying signature (in\n" - "security.ima) as there is no xattr named security.ima at uid=4531\n" + "security.ima) as there is no xattr named security.ima@uid=4531\n" "\n" "So my essential point is that building the real kuid into the permanent\n" "record of the xattr damages image portability, which is touted as one\n" "of the real advantages of container images.\n" "\n" - "James\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + James -8206f17f7bcef51deb1fd6c937fdd05a8961d8618c3d526c2764300b4bae078f +a727d628c3ca5d326dd01c4c7ec65ce43d82e2e3bb617765750503e962127e22
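Review bot: the 1.txt hunks here restore the xattr names to their real form, `security.ima@uid=1000` and `security.ima@uid=4531`, which is what James's argument about baking the kuid into the xattr name refers to; this copy, not the `(a)` variant, should be treated as canonical for the body text. In the content_digest hunk the expanded `Cc` block is only partly quoted: `"Cc\0Amir Goldstein <amir73il@gmail.com>"` and the closing `" LSM List <linux-security-module@vger.kernel.org>\0"` carry quotes, while the recipients between them (`Stefan Berger <...>` through `Vivek Goyal <...>`) do not, and the replacement `+ James` line lacks the `"James\n"` quoting of the entry it replaces; check whether the digest input really mixes quoted and unquoted entries or whether the rendering stripped them, since the sha256 on the last line depends on the exact bytes.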