From: "Daniel P. Berrange" <berrange-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org>
Cc: "Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
Kenton Varda <kenton-AuYgBwuPrUQTaNkGU808tA@public.gmane.org>,
Greg Kroah-Hartman
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
Serge Hallyn
<serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
Seth Forshee
<seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>,
Michael Kerrisk-manpages
<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linux FS Devel
<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Subject: Re: [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2)
Date: Tue, 16 Jun 2015 13:30:54 +0100 [thread overview]
Message-ID: <20150616123053.GA18926@redhat.com> (raw)
In-Reply-To: <55678CCA.80807-/L3Ra7n9ekc@public.gmane.org>
On Thu, May 28, 2015 at 11:46:50PM +0200, Richard Weinberger wrote:
> Am 28.05.2015 um 23:32 schrieb Eric W. Biederman:
> > Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org> writes:
> >
> >> Am 28.05.2015 um 21:57 schrieb Eric W. Biederman:
> >>>> FWIW, it breaks also libvirt-lxc:
> >>>> Error: internal error: guest failed to start: Failed to re-mount /proc/sys on /proc/sys flags=1021: Operation not permitted
> >>>
> >>> Interesting. I had not anticipated a failure there? And it is failing
> >>> in remount? Oh that is interesting.
> >>>
> >>> That implies that there is some flag of the original mount of /proc that
> >>> the remount of /proc/sys is clearing, and that previously
> >>>
> >>> The flags specified are current rdonly,remount,bind so I expect there
> >>> are some other flags on proc that libvirt-lxc is clearing by accident
> >>> and we did not fail before because the kernel was not enforcing things.
> >>
> >> Please see:
> >> http://libvirt.org/git/?p=libvirt.git;a=blob;f=src/lxc/lxc_container.c;h=9a9ae5c2aaf0f90ff472f24fda43c077b44998c7;hb=HEAD#l933
> >> lxcContainerMountBasicFS()
> >>
> >> and:
> >> http://libvirt.org/git/?p=libvirt.git;a=blob;f=src/lxc/lxc_container.c;h=9a9ae5c2aaf0f90ff472f24fda43c077b44998c7;hb=HEAD#l850
> >> lxcBasicMounts
> >>
> >>> What are the mount flags in a working libvirt-lxc?
> >>
> >> See:
> >> test1:~ # cat /proc/self/mountinfo
> >> 149 147 0:56 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
> >> 150 149 0:56 /sys /proc/sys ro,nodev,relatime - proc proc rw
> >
> >> If you need more info, please let me know. :-)
> >
> > Oh interesting I had not realized libvirt-lxc had grown an unprivileged
> > mode using user namespaces.
>
> Yep. It works quite well. I've migrated all my containers from lxc
> to libvirt-lxc because libvirt-lxc had a working user-namespace
> implementation before lxc.
>
> > This does appear to be a classic remount bug, where you are not
> > preserving the permissions. It appears the fact that the code
> > failed to enforce locked permissions on the fresh mount of proc
> > was hiding this bug until now.
> >
> > I expect what you actually want is the code below:
> >
> > diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> > index 9a9ae5c2aaf0..f008a7484bfe 100644
> > --- a/src/lxc/lxc_container.c
> > +++ b/src/lxc/lxc_container.c
> > @@ -850,7 +850,7 @@ typedef struct {
> >
> > static const virLXCBasicMountInfo lxcBasicMounts[] = {
> > { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false },
> > - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false },
> > + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false },
> > { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true },
> > { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true },
> > { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false },
> >
> > Or possibly just:
> >
> > diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> > index 9a9ae5c2aaf0..a60ccbd12bfc 100644
> > --- a/src/lxc/lxc_container.c
> > +++ b/src/lxc/lxc_container.c
> > @@ -850,7 +850,7 @@ typedef struct {
> >
> > static const virLXCBasicMountInfo lxcBasicMounts[] = {
> > { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false },
> > - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false },
> > + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, true, false, false },
> > { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true },
> > { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true },
> > { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false },
>
> I'll test your diff tomorrow with a fresh brain.
> I sent a similar patch to libvirt folks some time ago, looks like it got lost. ;-\
>
> > As the there is little point in making /proc/sys read-only in a
> > user-namespace, as the permission checks are uid based and no-one should
> > have the global uid 0 in your container. Making mounting /proc/sys
> > read-only rather pointless.
>
> Yeah, I've been ranting about that for ages...
> libvirt-lxc contains a lot of cruft to make privileged container
> kind of secure. Some users still fear using the user-namespace.
Yes, we've discussed this before and I'd like to simplify this. The
thing that has been stopping me tackling it has been figuring out a
way to ensure we don't change semantics for existing deployed users.
ie when RHEL-7 rebases to newer libvirt, I don't want existing
containers to suddenly change their setup, because although the
existing setup is sub-optimal, some apps / users might be relying
on its behaviour in ways I can't predict.
I do believe I have figured out a way to allow backwards compatibility
now though, so we should have able to have another stab at simplifying
and removing this cruft for newly deployed containers.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
next prev parent reply other threads:[~2015-06-16 12:30 UTC|newest]
Thread overview: 145+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-14 17:30 [CFT][PATCH 0/10] Making new mounts of proc and sysfs as safe as bind mounts Eric W. Biederman
2015-05-14 17:33 ` [CFT][PATCH 04/10] fs: Add helper functions for permanently empty directories Eric W. Biederman
[not found] ` <87pp63jcca.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-14 17:31 ` [CFT][PATCH 01/10] mnt: Refactor the logic for mounting sysfs and proc in a user namespace Eric W. Biederman
2015-05-14 17:32 ` [CFT][PATCH 02/10] mnt: Modify fs_fully_visible to deal with mount attributes Eric W. Biederman
2015-05-14 17:32 ` [CFT][PATCH 03/10] vfs: Ignore unlocked mounts in fs_fully_visible Eric W. Biederman
2015-05-14 17:33 ` [CFT][PATCH 04/10] fs: Add helper functions for permanently empty directories Eric W. Biederman
2015-05-14 17:33 ` [CFT][PATCH 05/10] sysctl: Allow creating " Eric W. Biederman
2015-05-14 17:34 ` [CFT][PATCH 06/10] proc: " Eric W. Biederman
2015-05-14 17:34 ` [CFT][PATCH 07/10] kernfs: Add support for always " Eric W. Biederman
2015-05-14 17:35 ` [CFT][PATCH 08/10] sysfs: Add support for permanently " Eric W. Biederman
[not found] ` <87fv6zhxkp.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-14 20:31 ` Greg Kroah-Hartman
[not found] ` <20150514203131.GB16416-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-05-14 21:33 ` Eric W. Biederman
2015-05-14 21:33 ` Eric W. Biederman
2015-05-14 20:31 ` Greg Kroah-Hartman
2015-05-14 17:36 ` [CFT][PATCH 09/10] sysfs: Create mountpoints with sysfs_create_empty_dir Eric W. Biederman
[not found] ` <878ucrhxi9.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-11 18:44 ` Tejun Heo
[not found] ` <20150811184426.GH23408-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
2015-08-11 18:57 ` Eric W. Biederman
2015-08-11 18:57 ` Eric W. Biederman
2015-08-11 19:21 ` Andy Lutomirski
[not found] ` <CALCETrXE=fKa3XkEEo6y2=ZNtsuBfX=kaoyDwiP0C2BwqKJWjw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-08-12 0:58 ` Eric W. Biederman
[not found] ` <87mvxxcogp.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 20:00 ` Tejun Heo
[not found] ` <20150812200035.GB4496-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
2015-08-12 20:27 ` Eric W. Biederman
2015-08-12 20:27 ` Eric W. Biederman
[not found] ` <87r3n82qxd.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 21:05 ` Tejun Heo
2015-08-12 20:00 ` Tejun Heo
2015-08-12 0:58 ` Eric W. Biederman
[not found] ` <877fp1hcuj.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-11 19:21 ` Andy Lutomirski
2015-08-11 20:11 ` Tejun Heo
[not found] ` <CAOS58YOHU8SFv4UXeBRr4t88UU=DXQCPg2HU_dMBmgM7WBB1zQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-08-12 0:37 ` Eric W. Biederman
[not found] ` <87fv3pe3zn.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 3:58 ` Eric W. Biederman
[not found] ` <87a8txb1k8.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 4:04 ` Eric W. Biederman
[not found] ` <871tf9b19v.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 19:15 ` Tejun Heo
[not found] ` <20150812191515.GA4496-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
2015-08-12 20:07 ` [PATCH] fs: Set the size of empty dirs to 0 Eric W. Biederman
2015-08-12 20:07 ` Eric W. Biederman
[not found] ` <87mvxw46fc.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 20:18 ` Tejun Heo
2015-08-12 19:15 ` [CFT][PATCH 09/10] sysfs: Create mountpoints with sysfs_create_empty_dir Tejun Heo
2015-08-12 0:37 ` Eric W. Biederman
2015-08-11 18:44 ` Tejun Heo
2015-05-14 17:37 ` [CFT][PATCH 10/10] mnt: Update fs_fully_visible to test for permanently empty directories Eric W. Biederman
2015-05-14 17:37 ` Eric W. Biederman
2015-05-14 20:29 ` [CFT][PATCH 0/10] Making new mounts of proc and sysfs as safe as bind mounts Greg Kroah-Hartman
2015-05-16 2:05 ` [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2) Eric W. Biederman
2015-05-14 17:33 ` [CFT][PATCH 05/10] sysctl: Allow creating permanently empty directories Eric W. Biederman
2015-05-14 20:29 ` [CFT][PATCH 0/10] Making new mounts of proc and sysfs as safe as bind mounts Greg Kroah-Hartman
2015-05-14 21:10 ` Eric W. Biederman
[not found] ` <87oalmg90j.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-15 6:26 ` Andy Lutomirski
[not found] ` <CALCETrU1yxcDfv4YV3wVpWMAdiOOsSUFOPUpFAN-mVA4M-OxdQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-15 6:55 ` Eric W. Biederman
2015-05-15 6:55 ` Eric W. Biederman
2015-05-15 6:26 ` Andy Lutomirski
[not found] ` <20150514202951.GA16416-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-05-14 21:10 ` Eric W. Biederman
2015-05-16 2:05 ` [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2) Eric W. Biederman
2015-05-16 2:06 ` [CFT][PATCH 02/10] mnt: Modify fs_fully_visible to deal with mount attributes Eric W. Biederman
[not found] ` <87siaxuvik.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-16 2:06 ` [CFT][PATCH 01/10] mnt: Refactor the logic for mounting sysfs and proc in a user namespace Eric W. Biederman
2015-05-16 2:06 ` Eric W. Biederman
2015-05-16 2:06 ` [CFT][PATCH 02/10] mnt: Modify fs_fully_visible to deal with mount attributes Eric W. Biederman
2015-05-16 2:07 ` [CFT][PATCH 03/10] vfs: Ignore unlocked mounts in fs_fully_visible Eric W. Biederman
2015-05-16 2:07 ` Eric W. Biederman
2015-05-16 2:07 ` [CFT][PATCH 04/10] fs: Add helper functions for permanently empty directories Eric W. Biederman
2015-05-16 2:07 ` Eric W. Biederman
2015-05-16 2:08 ` [CFT][PATCH 05/10] sysctl: Allow creating permanently empty directories that serve as mountpoints Eric W. Biederman
2015-05-16 2:08 ` Eric W. Biederman
2015-05-16 2:08 ` [CFT][PATCH 06/10] proc: Allow creating permanently empty directories that serve as mount points Eric W. Biederman
2015-05-16 2:08 ` Eric W. Biederman
2015-05-16 2:09 ` [CFT][PATCH 07/10] kernfs: Add support for always empty directories Eric W. Biederman
2015-05-16 2:09 ` [CFT][PATCH 08/10] sysfs: Add support for permanently empty directories to serve as mount points Eric W. Biederman
2015-05-16 2:09 ` Eric W. Biederman
2015-05-18 13:14 ` Greg Kroah-Hartman
[not found] ` <87fv6xtgr2.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-18 13:14 ` Greg Kroah-Hartman
2015-05-16 2:10 ` [CFT][PATCH 09/10] sysfs: Create mountpoints with sysfs_create_mount_point Eric W. Biederman
2015-05-16 2:10 ` Eric W. Biederman
[not found] ` <87a8x5tgpp.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-18 13:14 ` Greg Kroah-Hartman
2015-05-18 13:14 ` Greg Kroah-Hartman
2015-05-16 2:11 ` [CFT][PATCH 10/10] mnt: Update fs_fully_visible to test for permanently empty directories Eric W. Biederman
2015-05-16 2:11 ` Eric W. Biederman
2015-05-22 17:39 ` [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2) Eric W. Biederman
[not found] ` <87wq004im1.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-22 18:59 ` Andy Lutomirski
2015-05-28 14:08 ` Serge Hallyn
2015-05-28 15:03 ` Eric W. Biederman
[not found] ` <87lhg8pwvz.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-28 17:33 ` Andy Lutomirski
2015-05-28 21:04 ` Serge E. Hallyn
2015-05-28 17:33 ` Andy Lutomirski
[not found] ` <CALCETrXXax28s9kMTQ-zDx0MttQWG4rg2y-oz3bSGiumSL=3sg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-28 18:20 ` Kenton Varda
[not found] ` <CAOP=4wid+N_80iyPpiVMN96_fuHZZRGtYQ6AOPn-HFBj2H6Vgg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-28 19:14 ` Eric W. Biederman
[not found] ` <87fv6gikfn.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-28 20:12 ` Kenton Varda
[not found] ` <CAOP=4wieEaR_wESNyba7EKPAhi6kf+ujxhoMAFKVRozqWtXHvQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-28 20:47 ` Richard Weinberger
2015-05-28 20:47 ` Richard Weinberger
[not found] ` <55677EE4.2040903-/L3Ra7n9ekc@public.gmane.org>
2015-05-28 21:07 ` Kenton Varda
2015-05-28 21:07 ` Kenton Varda
[not found] ` <CAOP=4wiAA4SqvMn_rQJHOjg6M-75bi_G9Fx8ENgVnYdkT5WVQA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-28 21:12 ` Richard Weinberger
2015-05-28 20:12 ` Kenton Varda
2015-05-29 0:30 ` Andy Lutomirski
2015-05-29 0:35 ` Andy Lutomirski
2015-05-29 0:35 ` Andy Lutomirski
[not found] ` <CALCETrXO21Y7PR=pKqaqJb1YZArNyjAv7Z-J44O53FcfLM_0Tw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-29 4:36 ` Eric W. Biederman
2015-05-29 4:36 ` Eric W. Biederman
[not found] ` <87fv6g80g7.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-29 4:54 ` Kenton Varda
2015-05-29 17:49 ` Andy Lutomirski
2015-06-03 21:13 ` Eric W. Biederman
[not found] ` <87k2vkebri.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-03 21:15 ` [CFT][PATCH 11/10] mnt: Avoid unnecessary regressions in fs_fully_visible Eric W. Biederman
[not found] ` <87eglseboh.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-04 4:35 ` [CFT][PATCH 11/10] mnt: Avoid unnecessary regressions in fs_fully_visible (take 2) Eric W. Biederman
[not found] ` <874mmodral.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-04 5:20 ` Greg Kroah-Hartman
2015-06-04 5:20 ` Greg Kroah-Hartman
2015-06-04 4:35 ` Eric W. Biederman
2015-06-05 0:46 ` [CFT][PATCH 11/10] mnt: Avoid unnecessary regressions in fs_fully_visible Andy Lutomirski
2015-06-05 0:46 ` Andy Lutomirski
[not found] ` <CALCETrWwtFaiaYGLoq4EPkrgcq9nEA2GseVfP3iBkbYZ8NfGPg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-06-06 19:14 ` Eric W. Biederman
2015-06-06 19:14 ` Eric W. Biederman
2015-06-04 5:19 ` [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2) Greg Kroah-Hartman
[not found] ` <20150604051958.GA21049-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-06-04 6:27 ` Eric W. Biederman
2015-06-04 6:27 ` Eric W. Biederman
[not found] ` <87h9qo6la9.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-04 7:34 ` Eric W. Biederman
2015-06-16 12:23 ` Daniel P. Berrange
2015-06-16 12:23 ` Daniel P. Berrange
[not found] ` <CALCETrVEA0Ug+3aj5rjupqZub-1tPLw+szzbs4kTyEyVvNs7qg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-06-03 21:13 ` Eric W. Biederman
2015-05-28 19:14 ` Eric W. Biederman
2015-05-28 21:04 ` Serge E. Hallyn
[not found] ` <20150528210438.GA14849-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2015-05-28 21:42 ` Eric W. Biederman
2015-05-28 21:42 ` Eric W. Biederman
2015-05-28 21:52 ` Serge E. Hallyn
[not found] ` <871ti0fkfp.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-28 21:52 ` Serge E. Hallyn
2015-05-28 15:03 ` Eric W. Biederman
2015-05-28 19:36 ` Richard Weinberger
2015-05-28 19:36 ` Richard Weinberger
[not found] ` <55676E32.3050006-/L3Ra7n9ekc@public.gmane.org>
2015-05-28 19:57 ` Eric W. Biederman
2015-05-28 20:30 ` Richard Weinberger
[not found] ` <55677AEF.1090809-/L3Ra7n9ekc@public.gmane.org>
2015-05-28 21:32 ` Eric W. Biederman
[not found] ` <87iobcfkwx.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-28 21:46 ` Richard Weinberger
[not found] ` <55678CCA.80807-/L3Ra7n9ekc@public.gmane.org>
2015-06-16 12:30 ` Daniel P. Berrange [this message]
2015-06-16 12:30 ` Daniel P. Berrange
2015-05-29 9:30 ` Richard Weinberger
[not found] ` <556831CF.9040600-/L3Ra7n9ekc@public.gmane.org>
2015-05-29 17:41 ` Eric W. Biederman
2015-05-29 17:41 ` Eric W. Biederman
2015-05-29 17:41 ` Eric W. Biederman
2015-06-06 18:56 ` Eric W. Biederman
2015-06-06 18:56 ` Eric W. Biederman
2015-06-06 18:56 ` Eric W. Biederman
[not found] ` <87mw0c1x8p.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-16 12:31 ` Daniel P. Berrange
2015-06-16 12:31 ` Daniel P. Berrange
[not found] ` <20150616123148.GB18689-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-06-16 12:46 ` Richard Weinberger
2015-06-16 12:46 ` Richard Weinberger
[not found] ` <87382gh3uo.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-28 20:30 ` Richard Weinberger
[not found] ` <CALCETrUhXBR5WQ6gXr9KzGc4=7tph7kzopY29Hug4g+FhOzEKg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-22 20:41 ` Eric W. Biederman
2015-05-28 14:08 ` Serge Hallyn
2015-05-22 18:59 ` Andy Lutomirski
2015-05-22 17:39 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150616123053.GA18926@redhat.com \
--to=berrange-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
--cc=kenton-AuYgBwuPrUQTaNkGU808tA@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=richard-/L3Ra7n9ekc@public.gmane.org \
--cc=serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org \
--cc=seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.