From: Seth Forshee <seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
To: serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org
Cc: keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org,
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
morgan-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org
Subject: Re: [PATCH 1/1] simplified security.nscapability xattr
Date: Tue, 26 Apr 2016 14:46:57 -0500 [thread overview]
Message-ID: <20160426194657.GA27639@ubuntu-hedt> (raw)
In-Reply-To: <1461345993-17526-2-git-send-email-serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
On Fri, Apr 22, 2016 at 12:26:33PM -0500, serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org wrote:
> From: Serge Hallyn <serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
>
> This can only be set by root in his own namespace, and will
> only be respected by namespaces with that same root kuid
> mapped as root, or namespaces descended from it.
>
> This allows a simple setxattr to work, allows tar/untar to
> work, and allows us to tar in one namespace and untar in
> another while preserving the capability, without risking
> leaking privilege into a parent namespace.
>
> Signed-off-by: Serge Hallyn <serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
Seems like the simplest possible design which meets the requirements.
Acked-by: Seth Forshee <seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
WARNING: multiple messages have this Message-ID (diff)
From: Seth Forshee <seth.forshee@canonical.com>
To: serge.hallyn@ubuntu.com
Cc: linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
containers@lists.linux-foundation.org, ebiederm@xmission.com,
morgan@kernel.org, luto@amacapital.net, keescook@chromium.org,
jmorris@namei.org
Subject: Re: [PATCH 1/1] simplified security.nscapability xattr
Date: Tue, 26 Apr 2016 14:46:57 -0500 [thread overview]
Message-ID: <20160426194657.GA27639@ubuntu-hedt> (raw)
In-Reply-To: <1461345993-17526-2-git-send-email-serge.hallyn@ubuntu.com>
On Fri, Apr 22, 2016 at 12:26:33PM -0500, serge.hallyn@ubuntu.com wrote:
> From: Serge Hallyn <serge.hallyn@ubuntu.com>
>
> This can only be set by root in his own namespace, and will
> only be respected by namespaces with that same root kuid
> mapped as root, or namespaces descended from it.
>
> This allows a simple setxattr to work, allows tar/untar to
> work, and allows us to tar in one namespace and untar in
> another while preserving the capability, without risking
> leaking privilege into a parent namespace.
>
> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Seems like the simplest possible design which meets the requirements.
Acked-by: Seth Forshee <seth.forshee@canonical.com>
next prev parent reply other threads:[~2016-04-26 19:46 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-22 17:26 namespaced file capabilities serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA
2016-04-22 17:26 ` serge.hallyn
[not found] ` <1461345993-17526-1-git-send-email-serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
2016-04-22 17:26 ` [PATCH 1/1] simplified security.nscapability xattr serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA
2016-04-22 17:26 ` serge.hallyn
[not found] ` <1461345993-17526-2-git-send-email-serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
2016-04-26 19:46 ` Seth Forshee [this message]
2016-04-26 19:46 ` Seth Forshee
2016-04-26 21:59 ` Kees Cook
2016-04-26 21:59 ` Kees Cook
[not found] ` <CAGXu5jKFNQs8oxq+yD6_Q8HcNyf+GouSHFzkxT9u9BkK=ZLQ7Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-04-26 22:26 ` Serge E. Hallyn
2016-04-26 22:26 ` Serge E. Hallyn
[not found] ` <20160426222627.GA19307-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2016-04-26 22:39 ` Kees Cook
2016-04-26 22:39 ` Kees Cook
[not found] ` <CAGXu5jJbmSKst_RiM84-7OaX=2XettzpTh34uFFoevvoPRO76Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-04-27 4:39 ` Serge E. Hallyn
2016-04-27 4:39 ` Serge E. Hallyn
2016-04-27 4:39 ` Serge E. Hallyn
2016-04-27 8:09 ` Jann Horn
2016-05-02 3:54 ` Serge E. Hallyn
2016-05-02 3:54 ` Serge E. Hallyn
[not found] ` <20160502035452.GA31837-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2016-05-02 18:31 ` Michael Kerrisk (man-pages)
2016-05-02 18:31 ` Michael Kerrisk (man-pages)
2016-05-02 21:31 ` Eric W. Biederman
2016-05-02 21:31 ` Eric W. Biederman
[not found] ` <87h9egp2oq.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-05-03 3:57 ` Andrew G. Morgan
[not found] ` <CALQRfL7mfpyudWs4Z8W5Zi8CTG-9O0OvrCnRU7pk0MXtsLBd0A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-05-03 4:50 ` Eric W. Biederman
2016-05-03 4:50 ` Eric W. Biederman
[not found] ` <874mafiw2m.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-05-10 19:00 ` Serge E. Hallyn
2016-05-10 19:00 ` Serge E. Hallyn
2016-05-03 4:50 ` Eric W. Biederman
2016-05-03 5:19 ` Serge E. Hallyn
2016-05-03 5:19 ` Serge E. Hallyn
[not found] ` <20160503051921.GA31551-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2016-05-03 5:54 ` Eric W. Biederman
2016-05-03 5:54 ` Eric W. Biederman
2016-05-03 5:54 ` Eric W. Biederman
[not found] ` <87bn4nhejj.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-05-03 14:25 ` Serge E. Hallyn
2016-05-03 14:25 ` Serge E. Hallyn
[not found] ` <20160503142526.GA6309-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2016-05-10 19:03 ` Serge E. Hallyn
2016-05-10 19:03 ` Serge E. Hallyn
2016-05-10 19:03 ` Serge E. Hallyn
2016-05-03 14:25 ` Serge E. Hallyn
2016-05-07 23:10 ` Jann Horn
2016-05-07 23:10 ` Jann Horn
[not found] ` <20160507231012.GA11076-J1fxOzX/cBvk1uMJSBkQmQ@public.gmane.org>
2016-05-11 21:02 ` Serge E. Hallyn
2016-05-11 21:02 ` Serge E. Hallyn
[not found] ` <20160511210221.GA24015-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2016-05-16 21:15 ` Serge E. Hallyn
2016-05-16 21:15 ` Serge E. Hallyn
[not found] ` <20160516211523.GA5282-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2016-05-16 21:48 ` Serge E. Hallyn
2016-05-16 21:48 ` Serge E. Hallyn
[not found] ` <20160516214804.GA5926-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2016-05-18 21:57 ` [PATCH RFC] user-namespaced file capabilities - now with more magic Serge E. Hallyn
2016-05-18 21:57 ` Serge E. Hallyn
[not found] ` <20160518215752.GA9187-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2016-05-19 20:53 ` Mimi Zohar
2016-05-19 20:53 ` Mimi Zohar
2016-05-19 20:53 ` Mimi Zohar
2016-05-20 3:40 ` Serge E. Hallyn
[not found] ` <20160520034048.GA31216-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2016-05-20 11:19 ` Mimi Zohar
2016-05-20 11:19 ` Mimi Zohar
[not found] ` <1463743150.2465.100.camel-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-05-20 18:28 ` Eric W. Biederman
2016-05-20 18:28 ` Eric W. Biederman
[not found] ` <87mvnklh20.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-05-20 19:09 ` Mimi Zohar
2016-05-20 19:09 ` Mimi Zohar
[not found] ` <1463771344.2763.58.camel-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-05-20 19:11 ` Eric W. Biederman
2016-05-20 19:11 ` Eric W. Biederman
2016-05-20 19:26 ` Serge E. Hallyn
2016-05-20 19:26 ` Serge E. Hallyn
2016-05-20 19:42 ` Eric W. Biederman
[not found] ` <87iny8h5yv.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-05-20 19:59 ` Serge E. Hallyn
2016-05-20 19:59 ` Serge E. Hallyn
[not found] ` <20160520195902.GB12101-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2016-05-20 23:23 ` Mimi Zohar
2016-05-20 23:23 ` Mimi Zohar
[not found] ` <1463786592.2763.74.camel-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-05-20 23:32 ` Serge E. Hallyn
2016-05-20 23:32 ` Serge E. Hallyn
2016-05-20 23:23 ` Mimi Zohar
2016-05-20 19:59 ` Serge E. Hallyn
[not found] ` <20160520192607.GA11601-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2016-05-20 19:42 ` Eric W. Biederman
2016-05-20 18:28 ` Eric W. Biederman
[not found] ` <1463691236.2465.74.camel-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-05-20 3:40 ` Serge E. Hallyn
2016-05-16 21:15 ` [PATCH 1/1] simplified security.nscapability xattr Serge E. Hallyn
2016-05-11 21:02 ` Serge E. Hallyn
2016-05-03 5:19 ` Serge E. Hallyn
2016-04-27 8:09 ` Jann Horn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160426194657.GA27639@ubuntu-hedt \
--to=seth.forshee-z7wlfzj8ewms+fvcfc7uqw@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=morgan-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.