diff for duplicates of <20170622210925.GA32691@mail.hallyn.com> diff --git a/a/1.txt b/N1/1.txt index fe448ff..738f4d7 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,4 +1,4 @@ -Quoting Casey Schaufler (casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org): +Quoting Casey Schaufler (casey at schaufler-ca.com): > On 6/22/2017 1:12 PM, Stefan Berger wrote: > > On 06/22/2017 03:59 PM, Casey Schaufler wrote: > >> On 6/22/2017 11:59 AM, Stefan Berger wrote: @@ -12,7 +12,7 @@ Quoting Casey Schaufler (casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org): > >>> name when a user namespace is used. If for example the root user > >>> in a user namespace writes the security.capability xattr, the name > >>> of the xattr that is actually written is encoded as -> >>> security.capability@uid=1000 for root mapped to uid 1000 on the host. +> >>> security.capability at uid=1000 for root mapped to uid 1000 on the host. > >> You need to identify the instance of the user namespace for > >> this to work right on a system with multiple user namespaces. > >> If I have a shared filesystem mounted in two different user @@ -39,3 +39,7 @@ task, regardles off uid, in the container, which executes the file, gets the privilege. IMO that satisfies the intent of file capabilities. -serge +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 69d7c47..eebc184 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -2,22 +2,13 @@ "ref\070a09f1b-e82c-a25c-9325-d5d757b1b695@schaufler-ca.com\0" "ref\010fb9c1b-e9af-336c-9a1b-cf95259cfaf3@linux.vnet.ibm.com\0" "ref\02bf08b3e-27f4-3592-d5e2-a823401ac644@schaufler-ca.com\0" - "ref\02bf08b3e-27f4-3592-d5e2-a823401ac644-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org\0" - "From\0Serge E. Hallyn <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>\0" - "Subject\0Re: [PATCH 0/3] Enable namespaced file capabilities\0" + "From\0serge@hallyn.com (Serge E. Hallyn)\0" + "Subject\0[PATCH 0/3] Enable namespaced file capabilities\0" "Date\0Thu, 22 Jun 2017 16:09:25 -0500\0" - "To\0Casey Schaufler <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>\0" - "Cc\0zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org" - containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org - linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - xiaolong.ye-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org - James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org - linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org - " lkp-JC7UmRfGjtg@public.gmane.org\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" - "Quoting Casey Schaufler (casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org):\n" + "Quoting Casey Schaufler (casey at schaufler-ca.com):\n" "> On 6/22/2017 1:12 PM, Stefan Berger wrote:\n" "> > On 06/22/2017 03:59 PM, Casey Schaufler wrote:\n" "> >> On 6/22/2017 11:59 AM, Stefan Berger wrote:\n" @@ -31,7 +22,7 @@ "> >>> name when a user namespace is used. If for example the root user\n" "> >>> in a user namespace writes the security.capability xattr, the name\n" "> >>> of the xattr that is actually written is encoded as\n" - "> >>> security.capability@uid=1000 for root mapped to uid 1000 on the host.\n" + "> >>> security.capability at uid=1000 for root mapped to uid 1000 on the host.\n" "> >> You need to identify the instance of the user namespace for\n" "> >> this to work right on a system with multiple user namespaces.\n" "> >> If I have a shared filesystem mounted in two different user\n" @@ -57,6 +48,10 @@ "task, regardles off uid, in the container, which executes the file,\n" "gets the privilege. IMO that satisfies the intent of file capabilities.\n" "\n" - -serge + "-serge\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -6279ca32f28be05b0327a945de675534d1004ee0839732679bd845c43a300bf8 +dad95fc44659bf29c6bfe0768b5252446020775b5fc9cf7b9886cd633a3bb07e
diff --git a/a/1.txt b/N2/1.txt index fe448ff..d09f32c 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -1,4 +1,4 @@ -Quoting Casey Schaufler (casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org): +Quoting Casey Schaufler (casey@schaufler-ca.com): > On 6/22/2017 1:12 PM, Stefan Berger wrote: > > On 06/22/2017 03:59 PM, Casey Schaufler wrote: > >> On 6/22/2017 11:59 AM, Stefan Berger wrote: diff --git a/a/content_digest b/N2/content_digest index 69d7c47..0393661 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -2,22 +2,27 @@ "ref\070a09f1b-e82c-a25c-9325-d5d757b1b695@schaufler-ca.com\0" "ref\010fb9c1b-e9af-336c-9a1b-cf95259cfaf3@linux.vnet.ibm.com\0" "ref\02bf08b3e-27f4-3592-d5e2-a823401ac644@schaufler-ca.com\0" - "ref\02bf08b3e-27f4-3592-d5e2-a823401ac644-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org\0" - "From\0Serge E. Hallyn <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>\0" + "From\0Serge E. Hallyn <serge@hallyn.com>\0" "Subject\0Re: [PATCH 0/3] Enable namespaced file capabilities\0" "Date\0Thu, 22 Jun 2017 16:09:25 -0500\0" - "To\0Casey Schaufler <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>\0" - "Cc\0zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org" - containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org - linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - xiaolong.ye-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org - James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org - linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org - " lkp-JC7UmRfGjtg@public.gmane.org\0" + "To\0Casey Schaufler <casey@schaufler-ca.com>\0" + "Cc\0Stefan Berger <stefanb@linux.vnet.ibm.com>" + ebiederm@xmission.com + containers@lists.linux-foundation.org + lkp@01.org + xiaolong.ye@intel.com + linux-kernel@vger.kernel.org + zohar@linux.vnet.ibm.com + serge@hallyn.com + tycho@docker.com + James.Bottomley@hansenpartnership.com + christian.brauner@mailbox.org + vgoyal@redhat.com + amir73il@gmail.com + " linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" - "Quoting Casey Schaufler (casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org):\n" + "Quoting Casey Schaufler (casey@schaufler-ca.com):\n" "> On 6/22/2017 1:12 PM, Stefan Berger wrote:\n" "> > On 06/22/2017 03:59 PM, Casey Schaufler wrote:\n" "> >> On 6/22/2017 11:59 AM, Stefan Berger wrote:\n" @@ -59,4 +64,4 @@ "\n" -serge -6279ca32f28be05b0327a945de675534d1004ee0839732679bd845c43a300bf8 +e6612833bb1ec3b2f714b73b097f8ef83b183456ccdb10218ebc361d3606f04f
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.