diff for duplicates of <20170623183247.GA21137@mail.hallyn.com> diff --git a/a/1.txt b/N1/1.txt index 66b4191..b672f0d 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,23 +1,23 @@ -Quoting Eric W. Biederman (ebiederm at xmission.com): +Quoting Eric W. Biederman (ebiederm@xmission.com): > "Serge E. Hallyn" <serge@hallyn.com> writes: > -> > Quoting Casey Schaufler (casey at schaufler-ca.com): +> > Quoting Casey Schaufler (casey@schaufler-ca.com): > >> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote: -> >> > Quoting Casey Schaufler (casey at schaufler-ca.com): +> >> > Quoting Casey Schaufler (casey@schaufler-ca.com): > >> >> Or maybe just security.ns.capability, taking James' comment into account. > >> > That last one may be suitable as an option, useful for his particular > >> > (somewhat barbaric :) use case, but it's not ok for the general solution. > >> -> >> security.ns at uid=100.capability +> >> security.ns@uid=100.capability > > > > I'm ok with this. It gives protection from older kernels, and puts -> > the 'ns at uid=' at predictable locations for security and trusted. +> > the 'ns@uid=' at predictable locations for security and trusted. > > > >> It makes the namespace part explicit and separate from > >> the rest of the attribute name. It also generalizes for > >> other attributes. > >> -> >> security.ns at uid=1000 at smack=WestOfOne.SMACK64 +> >> security.ns@uid=1000@smack=WestOfOne.SMACK64 > > > > Looks good to me. > > @@ -61,7 +61,3 @@ Quoting Eric W. Biederman (ebiederm at xmission.com): Right. I'm in favor of making the syntax so that it is, in the future, if we want it to be, extensible, but we would not be accepting generic attributes now. --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index bc06553..61a9fd1 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -6,32 +6,46 @@ "ref\0ef37880d-6baa-12a6-eab1-bcd0a4e94d53@schaufler-ca.com\0" "ref\020170623170108.GA19354@mail.hallyn.com\0" "ref\08760fmh9vc.fsf@xmission.com\0" - "From\0serge@hallyn.com (Serge E. Hallyn)\0" - "Subject\0[PATCH 0/3] Enable namespaced file capabilities\0" + "From\0Serge E. Hallyn <serge@hallyn.com>\0" + "Subject\0Re: [PATCH 0/3] Enable namespaced file capabilities\0" "Date\0Fri, 23 Jun 2017 13:32:47 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Eric W. Biederman <ebiederm@xmission.com>\0" + "Cc\0Serge E. Hallyn <serge@hallyn.com>" + Casey Schaufler <casey@schaufler-ca.com> + Amir Goldstein <amir73il@gmail.com> + Stefan Berger <stefanb@linux.vnet.ibm.com> + Linux Containers <containers@lists.linux-foundation.org> + lkp@01.org + xiaolong.ye@intel.com + linux-kernel <linux-kernel@vger.kernel.org> + Mimi Zohar <zohar@linux.vnet.ibm.com> + Tycho Andersen <tycho@docker.com> + James Bottomley <James.Bottomley@hansenpartnership.com> + christian.brauner@mailbox.org + Vivek Goyal <vgoyal@redhat.com> + " LSM List <linux-security-module@vger.kernel.org>\0" "\00:1\0" "b\0" - "Quoting Eric W. Biederman (ebiederm at xmission.com):\n" + "Quoting Eric W. Biederman (ebiederm@xmission.com):\n" "> \"Serge E. Hallyn\" <serge@hallyn.com> writes:\n" "> \n" - "> > Quoting Casey Schaufler (casey at schaufler-ca.com):\n" + "> > Quoting Casey Schaufler (casey@schaufler-ca.com):\n" "> >> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote:\n" - "> >> > Quoting Casey Schaufler (casey at schaufler-ca.com):\n" + "> >> > Quoting Casey Schaufler (casey@schaufler-ca.com):\n" "> >> >> Or maybe just security.ns.capability, taking James' comment into account.\n" "> >> > That last one may be suitable as an option, useful for his particular\n" "> >> > (somewhat barbaric :) use case, but it's not ok for the general solution.\n" "> >> \n" - "> >> security.ns at uid=100.capability\n" + "> >> security.ns@uid=100.capability\n" "> >\n" "> > I'm ok with this. It gives protection from older kernels, and puts\n" - "> > the 'ns at uid=' at predictable locations for security and trusted.\n" + "> > the 'ns@uid=' at predictable locations for security and trusted.\n" "> >\n" "> >> It makes the namespace part explicit and separate from\n" "> >> the rest of the attribute name. It also generalizes for\n" "> >> other attributes.\n" "> >> \n" - "> >> security.ns at uid=1000 at smack=WestOfOne.SMACK64\n" + "> >> security.ns@uid=1000@smack=WestOfOne.SMACK64\n" "> >\n" "> > Looks good to me.\n" "> >\n" @@ -74,10 +88,6 @@ "\n" "Right. I'm in favor of making the syntax so that it is, in the future,\n" "if we want it to be, extensible, but we would not be accepting generic\n" - "attributes now.\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + attributes now. -0fab90a44da50e92fe9c0173f7241dd4cf8753a8183f2f136ccd4f5d037842fa +01b304e4d4c77488269e2fcb37835ec0c4b10d7815460ae55b5311c57633683e
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.