From mboxrd@z Thu Jan 1 00:00:00 1970
From: serge@hallyn.com (Serge E. Hallyn)
Date: Fri, 23 Jun 2017 13:39:55 -0500
Subject: [PATCH 0/3] Enable namespaced file capabilities
In-Reply-To: <87efuaip08.fsf@xmission.com>
References: <1498157989-11814-1-git-send-email-stefanb@linux.vnet.ibm.com>
 <1498174161.7636.4.camel@HansenPartnership.com>
 <20170622233619.GC2894@mail.hallyn.com>
 <1498176787.7636.11.camel@HansenPartnership.com>
 <87efuaip08.fsf@xmission.com>
Message-ID: <20170623183955.GD21137@mail.hallyn.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>, zohar@linux.vnet.ibm.com,
 containers@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
 xiaolong.ye@intel.com, linux-security-module@vger.kernel.org, lkp@01.org
List-Id: linux-security-module.vger.kernel.org
User-Agent: Mutt/1.5.21 (2010-09-15)

Quoting Eric W. Biederman (ebiederm at xmission.com):
> Even with one xattr of any type there is something appealing about
> putting the logic that limits that xattr to a namespace in the name.  As

Exactly.  That's the idea - from Stefan - that I thought was a worthwhile
improvement over my own previous patch, which puts the logic in the value.

Most of the complaints raised so far about this patchset are just as valid
(or invalid) against my previous patch, but I was particularly interested
in thoughts on this approach versus mine.

thanks,
-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
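The two designs the message contrasts, scoping a file-capability xattr to a user namespace through its name versus through its value, as an added illustrative model in user-space C. This is example code written for this page, not the patchset's or the kernel's code. Assumptions: the name-based form is taken as `security.capability@uid=<host-uid>`, which the thread does not spell out; the value-based form uses the `VFS_CAP_REVISION_3` layout with a trailing `rootid` field, which is what mainline later adopted and is assumed here as the "logic in the value" variant; the user namespaces, their uid maps and the sample xattrs are constructed toy data; the ownership rule applied to both is the kernel's check that the root uid recorded in the xattr maps to uid 0 in the current namespace or one of its ancestors. The host is assumed little-endian, since the on-disk words are `__le32`.

```c
/* Scoping a file-capability xattr to a user namespace: by name vs. by value.
 * Illustrative user-space model, not kernel code. Little-endian host assumed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define XATTR_NAME_CAPS "security.capability"
/* ASSUMED name-based form: host uid of the owning namespace's root in the name. */
#define XATTR_NAME_CAPS_NS_PREFIX "security.capability@uid="

#define VFS_CAP_REVISION_MASK   0xFF000000u
#define VFS_CAP_REVISION_2      0x02000000u
#define VFS_CAP_REVISION_3      0x03000000u
#define VFS_CAP_FLAGS_EFFECTIVE 0x000001u
#define XATTR_CAPS_SZ_2 20
#define XATTR_CAPS_SZ_3 24
#define CAP_NET_BIND_SERVICE 10
#define CAP_TO_MASK(x) (1u << (x))

/* Value-based form: the owning root uid is carried inside the xattr value. */
struct vfs_ns_cap_data {
    uint32_t magic_etc;
    struct { uint32_t permitted; uint32_t inheritable; } data[2];
    uint32_t rootid;
};

/* Toy user namespace: host uids base..base+count-1 map to 0..count-1 inside it. */
struct userns {
    const char *name;
    uint32_t base, count;
    const struct userns *parent;   /* NULL for the initial namespace */
};

/* from_kuid(): host uid -> uid as seen in ns, or -1 if not mapped there. */
static long from_kuid(const struct userns *ns, uint32_t kuid)
{
    if (kuid < ns->base || kuid - ns->base >= ns->count)
        return -1;
    return (long)(kuid - ns->base);
}

/* Kernel rule: the recorded root uid must be uid 0 in cur or in an ancestor. */
static int rootid_owns_ns(const struct userns *cur, uint32_t kroot)
{
    for (const struct userns *ns = cur; ns; ns = ns->parent)
        if (from_kuid(ns, kroot) == 0)
            return 1;
    return 0;
}

/* Name-based: plain name means the initial namespace (rootid 0); the
 * "@uid=N" suffix names the owning root's host uid. Rejects malformed names. */
static int rootid_from_name(const char *name, uint32_t *rootid)
{
    size_t plen = strlen(XATTR_NAME_CAPS_NS_PREFIX);
    char *end;
    unsigned long v;

    if (strcmp(name, XATTR_NAME_CAPS) == 0) { *rootid = 0; return 0; }
    if (strncmp(name, XATTR_NAME_CAPS_NS_PREFIX, plen) != 0) return -1;
    v = strtoul(name + plen, &end, 10);
    if (end == name + plen || *end != '\0' || v > 0xFFFFFFFEul) return -1;
    *rootid = (uint32_t)v;
    return 0;
}

/* Value-based: v2 values belong to the initial namespace; v3 values carry
 * rootid explicitly. Size must match the revision exactly. */
static int rootid_from_value(const void *buf, size_t len, uint32_t *rootid)
{
    uint32_t magic;

    if (len < sizeof magic) return -1;
    memcpy(&magic, buf, sizeof magic);
    switch (magic & VFS_CAP_REVISION_MASK) {
    case VFS_CAP_REVISION_2:
        if (len != XATTR_CAPS_SZ_2) return -1;
        *rootid = 0;
        return 0;
    case VFS_CAP_REVISION_3:
        if (len != XATTR_CAPS_SZ_3) return -1;
        memcpy(rootid, (const char *)buf + offsetof(struct vfs_ns_cap_data, rootid),
               sizeof *rootid);
        return 0;
    default:
        return -1;
    }
}

/* 1 if a task in cur may honour the xattr, 0 otherwise (malformed => 0). */
int name_scheme_usable(const char *name, const struct userns *cur)
{
    uint32_t r;
    return rootid_from_name(name, &r) == 0 && rootid_owns_ns(cur, r);
}

int value_scheme_usable(const void *val, size_t len, const struct userns *cur)
{
    uint32_t r;
    return rootid_from_value(val, len, &r) == 0 && rootid_owns_ns(cur, r);
}

/* Constructed sample namespaces and xattrs (not taken from the page). */
const struct userns init_ns  = { "init",      0,      0xFFFFFFFFu, NULL };
const struct userns ctr_ns   = { "container", 100000, 65536, &init_ns };
const struct userns nest_ns  = { "nested",    100000, 1000,  &ctr_ns };
const struct userns other_ns = { "other",     200000, 65536, &init_ns };

const struct vfs_ns_cap_data v3_ctr = {
    VFS_CAP_REVISION_3 | VFS_CAP_FLAGS_EFFECTIVE,
    { { CAP_TO_MASK(CAP_NET_BIND_SERVICE), 0 }, { 0, 0 } }, 100000 };
const struct vfs_ns_cap_data v2_host = {
    VFS_CAP_REVISION_2 | VFS_CAP_FLAGS_EFFECTIVE,
    { { CAP_TO_MASK(CAP_NET_BIND_SERVICE), 0 }, { 0, 0 } }, 0 };

int main(void)
{
    printf("name scheme, container root in container: %d\n",
           name_scheme_usable("security.capability@uid=100000", &ctr_ns));
    printf("name scheme, container root on host:      %d\n",
           name_scheme_usable("security.capability@uid=100000", &init_ns));
    printf("value scheme, v3 in unrelated container:  %d\n",
           value_scheme_usable(&v3_ctr, sizeof v3_ctr, &other_ns));
    return 0;
}
```

Both schemes end in the same ownership test; what differs is where the owning uid has to be parsed from and what a malformed entry looks like: a bad suffix in the name is an unknown xattr, whereas a bad length or revision in the value is a rejected capability.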