diff for duplicates of <1500058362.2853.28.camel@HansenPartnership.com> diff --git a/a/1.txt b/N1/1.txt index a0ebd25..3bb8026 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,10 +1,10 @@ On Fri, 2017-07-14 at 14:48 -0400, Mimi Zohar wrote: -> The concern is with a shared filesystems. ?In that case, for IMA it -> would make sense to support a native and a namespace xattr. ?If due +> The concern is with a shared filesystems. In that case, for IMA it +> would make sense to support a native and a namespace xattr. If due > to xattr space limitations we have to limit the number of xattrs, > then we should limit it to two - a native and a namespace version, > with a "uid=" tag - first namespace gets permission to write the -> namespace xattr. ?Again, like in the layered case, if the namespace +> namespace xattr. Again, like in the layered case, if the namespace > xattr doesn't exist, fall back to using the native xattr. Just on this point: if we're really concerned about the need on shared @@ -17,8 +17,3 @@ implementation which would work for traditional shared filesystems (like NFS) as well as containerised bind mounts. James - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index f28625f..216739b 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,28 +1,17 @@ - "ref\087y3rscz9j.fsf@xmission.com\0" - "ref\020170713164012.brj2flnkaaks2oci@thunk.org\0" - "ref\087k23cb6os.fsf@xmission.com\0" - "ref\0847ccb2a-30c0-a94c-df6f-091c8901eaa0@linux.vnet.ibm.com\0" - "ref\087bmoo8bxb.fsf@xmission.com\0" - "ref\09a3010e5-ca2b-5e7a-656b-fcc14f7bec4e@linux.vnet.ibm.com\0" - "ref\087h8yf7szd.fsf@xmission.com\0" - "ref\065dbe654-0d99-03fa-c838-5a726b462826@linux.vnet.ibm.com\0" - "ref\020170714133437.GA16737@mail.hallyn.com\0" - "ref\0596f808b-e21d-8296-5fef-23c1ce7ab778@linux.vnet.ibm.com\0" - "ref\020170714173556.GA19669@mail.hallyn.com\0" "ref\01500058090.3583.28.camel@linux.vnet.ibm.com\0" - "From\0James.Bottomley@hansenpartnership.com (James Bottomley)\0" - "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0" + "From\0James Bottomley <James.Bottomley@hansenpartnership.com>\0" + "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Fri, 14 Jul 2017 11:52:42 -0700\0" - "To\0linux-security-module@vger.kernel.org\0" - "\00:1\0" + "To\0lkp@lists.01.org\0" + "\01:1\0" "b\0" "On Fri, 2017-07-14 at 14:48 -0400, Mimi Zohar wrote:\n" - "> The concern is with a shared filesystems. ?In that case, for IMA it\n" - "> would make sense to support a native and a namespace xattr. ?If due\n" + "> The concern is with a shared filesystems. \302\240In that case, for IMA it\n" + "> would make sense to support a native and a namespace xattr. \302\240If due\n" "> to xattr space limitations we have to limit the number of xattrs,\n" "> then we should limit it to two - a native and a namespace version,\n" "> with a \"uid=\" tag - first namespace gets permission to write the\n" - "> namespace xattr. ?Again, like in the layered case, if the namespace\n" + "> namespace xattr. \302\240Again, like in the layered case, if the namespace\n" "> xattr doesn't exist, fall back to using the native xattr.\n" "\n" "Just on this point: if we're really concerned about the need on shared\n" @@ -34,11 +23,6 @@ "implementation which would work for traditional shared filesystems\n" "(like NFS) as well as containerised bind mounts.\n" "\n" - "James\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + James -ca611d9e185efd8857050ac61055290dc6d16a79a0358140d7a68a8ab83c28de +0107181a75c64b0e21d338bf2882a970346026fb68ed3ffdc604d77c258e2f3e
diff --git a/a/1.txt b/N2/1.txt index a0ebd25..3bb8026 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -1,10 +1,10 @@ On Fri, 2017-07-14 at 14:48 -0400, Mimi Zohar wrote: -> The concern is with a shared filesystems. ?In that case, for IMA it -> would make sense to support a native and a namespace xattr. ?If due +> The concern is with a shared filesystems. In that case, for IMA it +> would make sense to support a native and a namespace xattr. If due > to xattr space limitations we have to limit the number of xattrs, > then we should limit it to two - a native and a namespace version, > with a "uid=" tag - first namespace gets permission to write the -> namespace xattr. ?Again, like in the layered case, if the namespace +> namespace xattr. Again, like in the layered case, if the namespace > xattr doesn't exist, fall back to using the native xattr. Just on this point: if we're really concerned about the need on shared @@ -17,8 +17,3 @@ implementation which would work for traditional shared filesystems (like NFS) as well as containerised bind mounts. James - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index f28625f..a01b21a 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -10,19 +10,33 @@ "ref\0596f808b-e21d-8296-5fef-23c1ce7ab778@linux.vnet.ibm.com\0" "ref\020170714173556.GA19669@mail.hallyn.com\0" "ref\01500058090.3583.28.camel@linux.vnet.ibm.com\0" - "From\0James.Bottomley@hansenpartnership.com (James Bottomley)\0" - "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0" + "From\0James Bottomley <James.Bottomley@hansenpartnership.com>\0" + "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Fri, 14 Jul 2017 11:52:42 -0700\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>" + Serge E. Hallyn <serge@hallyn.com> + Stefan Berger <stefanb@linux.vnet.ibm.com> + " Mimi Zohar <zohar@us.ibm.com>\0" + "Cc\0Eric W. Biederman <ebiederm@xmission.com>" + Theodore Ts'o <tytso@mit.edu> + containers@lists.linux-foundation.org + lkp@01.org + linux-kernel@vger.kernel.org + tycho@docker.com + vgoyal@redhat.com + christian.brauner@mailbox.org + amir73il@gmail.com + linux-security-module@vger.kernel.org + " casey@schaufler-ca.com\0" "\00:1\0" "b\0" "On Fri, 2017-07-14 at 14:48 -0400, Mimi Zohar wrote:\n" - "> The concern is with a shared filesystems. ?In that case, for IMA it\n" - "> would make sense to support a native and a namespace xattr. ?If due\n" + "> The concern is with a shared filesystems. \302\240In that case, for IMA it\n" + "> would make sense to support a native and a namespace xattr. \302\240If due\n" "> to xattr space limitations we have to limit the number of xattrs,\n" "> then we should limit it to two - a native and a namespace version,\n" "> with a \"uid=\" tag - first namespace gets permission to write the\n" - "> namespace xattr. ?Again, like in the layered case, if the namespace\n" + "> namespace xattr. \302\240Again, like in the layered case, if the namespace\n" "> xattr doesn't exist, fall back to using the native xattr.\n" "\n" "Just on this point: if we're really concerned about the need on shared\n" @@ -34,11 +48,6 @@ "implementation which would work for traditional shared filesystems\n" "(like NFS) as well as containerised bind mounts.\n" "\n" - "James\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + James -ca611d9e185efd8857050ac61055290dc6d16a79a0358140d7a68a8ab83c28de +05767d52d92b6ee356723738e6f56b7691621e5b94a5407811e3ca9b03abbb53
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.