diff for duplicates of <20170725210801.GA5628@mail.hallyn.com> diff --git a/a/1.txt b/N1/1.txt index 7f22afb..25cf47b 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -58,9 +58,9 @@ On Tue, Jul 25, 2017 at 04:57:57PM -0400, Mimi Zohar wrote: > > > > Shouldn't it be both? > -> The policy defines which files are measured. ?The namespace policy +> The policy defines which files are measured. The namespace policy > could be different than it's parent's policy, and the parent's policy -> could be different than the native policy. ?Basically, file +> could be different than the native policy. Basically, file > measurements need to be added to the namespace measurement list, > recursively, up to the native measurement list. @@ -68,8 +68,3 @@ Yes, but if a task t1 is in namespace ns2 which is a child of namespace ns1, and it accesses a file which ns1's policy says must be measured, then will ns1's required measurement happen (and be appended to the ns1 measurement list), whether or not ns2's policy requires it? - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 262c17a..e38ea81 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -8,10 +8,22 @@ "ref\0645db815-7773-e351-5db7-89f38cd88c3d@linux.vnet.ibm.com\0" "ref\020170725204622.GA4969@mail.hallyn.com\0" "ref\01501016277.27413.50.camel@linux.vnet.ibm.com\0" - "From\0serge@hallyn.com (Serge E. Hallyn)\0" - "Subject\0[RFC PATCH 1/5] ima: extend clone() with IMA namespace support\0" + "From\0Serge E. Hallyn <serge@hallyn.com>\0" + "Subject\0Re: [RFC PATCH 1/5] ima: extend clone() with IMA namespace support\0" "Date\0Tue, 25 Jul 2017 16:08:01 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" + "Cc\0Serge E. Hallyn <serge@hallyn.com>" + Stefan Berger <stefanb@linux.vnet.ibm.com> + James Bottomley <James.Bottomley@hansenpartnership.com> + Mehmet Kayaalp <mkayaalp@cs.binghamton.edu> + Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com> + Yuqiong Sun <sunyuqiong1988@gmail.com> + containers <containers@lists.linux-foundation.org> + linux-kernel <linux-kernel@vger.kernel.org> + David Safford <david.safford@ge.com> + linux-security-module <linux-security-module@vger.kernel.org> + ima-devel <linux-ima-devel@lists.sourceforge.net> + " Yuqiong Sun <suny@us.ibm.com>\0" "\00:1\0" "b\0" "On Tue, Jul 25, 2017 at 04:57:57PM -0400, Mimi Zohar wrote:\n" @@ -74,20 +86,15 @@ "> > \n" "> > Shouldn't it be both?\n" "> \n" - "> The policy defines which files are measured. ?The namespace policy\n" + "> The policy defines which files are measured. \302\240The namespace policy\n" "> could be different than it's parent's policy, and the parent's policy\n" - "> could be different than the native policy. ?Basically, file\n" + "> could be different than the native policy. \302\240Basically, file\n" "> measurements need to be added to the namespace measurement list,\n" "> recursively, up to the native measurement list.\n" "\n" "Yes, but if a task t1 is in namespace ns2 which is a child of namespace ns1,\n" "and it accesses a file which ns1's policy says must be measured, then will\n" "ns1's required measurement happen (and be appended to the ns1 measurement\n" - "list), whether or not ns2's policy requires it?\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + list), whether or not ns2's policy requires it? -ca1b293b60dfaaf79a5057b52c1bfe23676ff2a17cb4a87fc94b6b92ed1e18f0 +a04f48369077a21a6520b6da4529359711f8d4550f99c56f873f3ef5babcd3fe
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.