From: ebiederm@xmission.com (Eric W. Biederman)
To: linux-security-module@vger.kernel.org
Subject: [PATCH 0/3] Enable namespaced file capabilities
Date: Fri, 23 Jun 2017 12:49:59 -0500 [thread overview]
Message-ID: <8760fmh9vc.fsf@xmission.com> (raw)
In-Reply-To: <20170623170108.GA19354@mail.hallyn.com> (Serge E. Hallyn's message of "Fri, 23 Jun 2017 12:01:08 -0500")
"Serge E. Hallyn" <serge@hallyn.com> writes:
> Quoting Casey Schaufler (casey at schaufler-ca.com):
>> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote:
>> > Quoting Casey Schaufler (casey at schaufler-ca.com):
>> >> Or maybe just security.ns.capability, taking James' comment into account.
>> > That last one may be suitable as an option, useful for his particular
>> > (somewhat barbaric :) use case, but it's not ok for the general solution.
>>
>> security.ns at uid=100.capability
>
> I'm ok with this. It gives protection from older kernels, and puts
> the 'ns at uid=' at predictable locations for security and trusted.
>
>> It makes the namespace part explicit and separate from
>> the rest of the attribute name. It also generalizes for
>> other attributes.
>>
>> security.ns at uid=1000 at smack=WestOfOne.SMACK64
>
> Looks good to me.
>
> Do we want to say that '.' ends the attribute list? That of
> course means '.' cannot be in the attributes. Perhaps end
> with '@@' instead? Just a thought.
>
> What do others think?
I think we have two things that will limit the allowed attributes
severely.
1) We need to the names of all of the xattrs when mounting a filesystem
with s_user_ns != &init_user_ns. I haven't yet checked the patches
to see if they do this properly.
2) Names of xattrs are not fully general and filesystems perform various
tricks to encode them more densely. We should see what the games
with xattr names do to how densely xattrs can be stored on disk.
That matters.
Putting the uid of the root user in the name sounds fundamental to doing
things this way. I am not at all certain about putting smack labels and
generally treating this as something we can add two arbitrarily.
If nothing else this reminds me of the frequent problem in
certifications with ouids. Arbitrary attributes tend to defeat parsers
in a security context on a regular basis. Even the kernel command line
parser has seen problems in this area, and it isn't security sensitive
most of the time.
Extensibility is good in the abstract long term sense. Extensibility in
the here and now where we don't even know which attributes we are
talking about scares me. I don't see how we can possibily know with
multiple attributes which xattrs will be the one to use. As we won't
even know which properties of the kernel to look at to match attributes.
So while I don't mind reorganizing the order we put the information into
the attribute. Let's keep what we place in there very specific.
Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Eric W. Biederman <ebiederm@xmission.com>
To: lkp@lists.01.org
Subject: Re: [PATCH 0/3] Enable namespaced file capabilities
Date: Fri, 23 Jun 2017 12:49:59 -0500 [thread overview]
Message-ID: <8760fmh9vc.fsf@xmission.com> (raw)
In-Reply-To: <20170623170108.GA19354@mail.hallyn.com>
[-- Attachment #1: Type: text/plain, Size: 2577 bytes --]
"Serge E. Hallyn" <serge@hallyn.com> writes:
> Quoting Casey Schaufler (casey(a)schaufler-ca.com):
>> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote:
>> > Quoting Casey Schaufler (casey(a)schaufler-ca.com):
>> >> Or maybe just security.ns.capability, taking James' comment into account.
>> > That last one may be suitable as an option, useful for his particular
>> > (somewhat barbaric :) use case, but it's not ok for the general solution.
>>
>> security.ns(a)uid=100.capability
>
> I'm ok with this. It gives protection from older kernels, and puts
> the 'ns(a)uid=' at predictable locations for security and trusted.
>
>> It makes the namespace part explicit and separate from
>> the rest of the attribute name. It also generalizes for
>> other attributes.
>>
>> security.ns(a)uid=1000(a)smack=WestOfOne.SMACK64
>
> Looks good to me.
>
> Do we want to say that '.' ends the attribute list? That of
> course means '.' cannot be in the attributes. Perhaps end
> with '@@' instead? Just a thought.
>
> What do others think?
I think we have two things that will limit the allowed attributes
severely.
1) We need to the names of all of the xattrs when mounting a filesystem
with s_user_ns != &init_user_ns. I haven't yet checked the patches
to see if they do this properly.
2) Names of xattrs are not fully general and filesystems perform various
tricks to encode them more densely. We should see what the games
with xattr names do to how densely xattrs can be stored on disk.
That matters.
Putting the uid of the root user in the name sounds fundamental to doing
things this way. I am not at all certain about putting smack labels and
generally treating this as something we can add two arbitrarily.
If nothing else this reminds me of the frequent problem in
certifications with ouids. Arbitrary attributes tend to defeat parsers
in a security context on a regular basis. Even the kernel command line
parser has seen problems in this area, and it isn't security sensitive
most of the time.
Extensibility is good in the abstract long term sense. Extensibility in
the here and now where we don't even know which attributes we are
talking about scares me. I don't see how we can possibily know with
multiple attributes which xattrs will be the one to use. As we won't
even know which properties of the kernel to look at to match attributes.
So while I don't mind reorganizing the order we put the information into
the attribute. Let's keep what we place in there very specific.
Eric
WARNING: multiple messages have this Message-ID (diff)
From: ebiederm@xmission.com (Eric W. Biederman)
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>,
Amir Goldstein <amir73il@gmail.com>,
Stefan Berger <stefanb@linux.vnet.ibm.com>,
Linux Containers <containers@lists.linux-foundation.org>,
lkp@01.org, xiaolong.ye@intel.com,
linux-kernel <linux-kernel@vger.kernel.org>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
Tycho Andersen <tycho@docker.com>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
christian.brauner@mailbox.org, Vivek Goyal <vgoyal@redhat.com>,
LSM List <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 0/3] Enable namespaced file capabilities
Date: Fri, 23 Jun 2017 12:49:59 -0500 [thread overview]
Message-ID: <8760fmh9vc.fsf@xmission.com> (raw)
In-Reply-To: <20170623170108.GA19354@mail.hallyn.com> (Serge E. Hallyn's message of "Fri, 23 Jun 2017 12:01:08 -0500")
"Serge E. Hallyn" <serge@hallyn.com> writes:
> Quoting Casey Schaufler (casey@schaufler-ca.com):
>> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote:
>> > Quoting Casey Schaufler (casey@schaufler-ca.com):
>> >> Or maybe just security.ns.capability, taking James' comment into account.
>> > That last one may be suitable as an option, useful for his particular
>> > (somewhat barbaric :) use case, but it's not ok for the general solution.
>>
>> security.ns@uid=100.capability
>
> I'm ok with this. It gives protection from older kernels, and puts
> the 'ns@uid=' at predictable locations for security and trusted.
>
>> It makes the namespace part explicit and separate from
>> the rest of the attribute name. It also generalizes for
>> other attributes.
>>
>> security.ns@uid=1000@smack=WestOfOne.SMACK64
>
> Looks good to me.
>
> Do we want to say that '.' ends the attribute list? That of
> course means '.' cannot be in the attributes. Perhaps end
> with '@@' instead? Just a thought.
>
> What do others think?
I think we have two things that will limit the allowed attributes
severely.
1) We need to the names of all of the xattrs when mounting a filesystem
with s_user_ns != &init_user_ns. I haven't yet checked the patches
to see if they do this properly.
2) Names of xattrs are not fully general and filesystems perform various
tricks to encode them more densely. We should see what the games
with xattr names do to how densely xattrs can be stored on disk.
That matters.
Putting the uid of the root user in the name sounds fundamental to doing
things this way. I am not at all certain about putting smack labels and
generally treating this as something we can add two arbitrarily.
If nothing else this reminds me of the frequent problem in
certifications with ouids. Arbitrary attributes tend to defeat parsers
in a security context on a regular basis. Even the kernel command line
parser has seen problems in this area, and it isn't security sensitive
most of the time.
Extensibility is good in the abstract long term sense. Extensibility in
the here and now where we don't even know which attributes we are
talking about scares me. I don't see how we can possibily know with
multiple attributes which xattrs will be the one to use. As we won't
even know which properties of the kernel to look at to match attributes.
So while I don't mind reorganizing the order we put the information into
the attribute. Let's keep what we place in there very specific.
Eric
next prev parent reply other threads:[~2017-06-23 17:49 UTC|newest]
Thread overview: 180+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-22 18:59 [PATCH 0/3] Enable namespaced file capabilities Stefan Berger
2017-06-22 18:59 ` Stefan Berger
2017-06-22 18:59 ` Stefan Berger
2017-06-22 18:59 ` [PATCH 1/3] xattr: Enable security.capability in user namespaces Stefan Berger
2017-06-22 18:59 ` Stefan Berger
2017-06-22 18:59 ` Stefan Berger
[not found] ` <1498157989-11814-2-git-send-email-stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-24 21:02 ` [PATCH] xattr: fix kstrdup.cocci warnings kbuild test robot
2017-06-24 21:02 ` [PATCH 1/3] xattr: Enable security.capability in user namespaces kbuild test robot
2017-06-24 21:02 ` [PATCH] xattr: fix kstrdup.cocci warnings kbuild test robot
2017-06-24 21:02 ` kbuild test robot
2017-06-24 21:02 ` kbuild test robot
2017-06-24 21:02 ` [PATCH 1/3] xattr: Enable security.capability in user namespaces kbuild test robot
2017-06-24 21:02 ` kbuild test robot
2017-06-24 21:02 ` kbuild test robot
2017-06-22 18:59 ` [PATCH 3/3] Enable security.selinux " Stefan Berger
2017-06-22 18:59 ` Stefan Berger
2017-06-22 18:59 ` Stefan Berger
[not found] ` <1498157989-11814-4-git-send-email-stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-23 20:30 ` Stephen Smalley
2017-06-23 20:30 ` Stephen Smalley
2017-06-23 20:30 ` Stephen Smalley
2017-06-23 20:30 ` Stephen Smalley
[not found] ` <1498249800.2063.9.camel-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
2017-06-23 23:41 ` Stefan Berger
2017-06-23 23:41 ` Stefan Berger
2017-06-23 23:41 ` Stefan Berger
2017-06-23 23:41 ` Stefan Berger
[not found] ` <1498157989-11814-1-git-send-email-stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-22 18:59 ` [PATCH 1/3] xattr: Enable security.capability " Stefan Berger
2017-06-22 18:59 ` [PATCH 2/3] Enable capabilities of files from shared filesystem Stefan Berger
2017-06-22 18:59 ` Stefan Berger
2017-06-22 18:59 ` Stefan Berger
2017-06-22 18:59 ` Stefan Berger
2017-06-22 18:59 ` [PATCH 3/3] Enable security.selinux in user namespaces Stefan Berger
2017-06-22 19:59 ` [PATCH 0/3] Enable namespaced file capabilities Casey Schaufler
2017-06-22 23:29 ` James Bottomley
2017-06-23 7:01 ` Amir Goldstein
2017-06-23 7:01 ` Amir Goldstein
2017-06-23 7:01 ` Amir Goldstein
2017-06-23 16:00 ` Serge E. Hallyn
2017-06-23 16:00 ` Serge E. Hallyn
2017-06-23 16:00 ` Serge E. Hallyn
[not found] ` <20170623160026.GA18257-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-23 16:16 ` Casey Schaufler
2017-06-23 16:16 ` Casey Schaufler
2017-06-23 16:16 ` Casey Schaufler
2017-06-23 16:16 ` Casey Schaufler
[not found] ` <aa62373e-7cd6-39dd-2e38-2b6d6dbe18a8-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2017-06-23 16:30 ` Serge E. Hallyn
2017-06-23 18:08 ` Stefan Berger
2017-06-23 16:30 ` Serge E. Hallyn
2017-06-23 16:30 ` Serge E. Hallyn
[not found] ` <20170623163030.GA18820-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-23 16:53 ` Casey Schaufler
2017-06-23 17:07 ` James Bottomley
2017-06-23 16:53 ` Casey Schaufler
2017-06-23 16:53 ` Casey Schaufler
2017-06-23 16:53 ` Casey Schaufler
2017-06-23 17:01 ` Serge E. Hallyn
2017-06-23 17:01 ` Serge E. Hallyn
2017-06-23 17:49 ` Eric W. Biederman [this message]
2017-06-23 17:49 ` Eric W. Biederman
2017-06-23 17:49 ` Eric W. Biederman
[not found] ` <8760fmh9vc.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-06-23 18:32 ` Serge E. Hallyn
2017-06-23 18:32 ` Serge E. Hallyn
2017-06-23 18:32 ` Serge E. Hallyn
[not found] ` <20170623170108.GA19354-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-23 17:49 ` Eric W. Biederman
[not found] ` <ef37880d-6baa-12a6-eab1-bcd0a4e94d53-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2017-06-23 17:01 ` Serge E. Hallyn
2017-06-23 17:07 ` James Bottomley
2017-06-23 17:07 ` James Bottomley
2017-06-23 17:07 ` James Bottomley
[not found] ` <1498237641.3641.15.camel-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>
2017-06-23 17:18 ` Aleksa Sarai
[not found] ` <b57803da-0e8b-594d-901b-12eb509f04b5-l3A5Bk7waGM@public.gmane.org>
2017-06-23 18:22 ` Serge E. Hallyn
2017-06-23 17:20 ` Serge E. Hallyn
2017-06-23 17:20 ` Serge E. Hallyn
2017-06-23 17:20 ` Serge E. Hallyn
[not found] ` <20170623172016.GA19551-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-23 17:28 ` Aleksa Sarai
[not found] ` <553a72c4-eda9-52d6-2ae2-f8687c0c7c70-l3A5Bk7waGM@public.gmane.org>
2017-06-23 18:30 ` Serge E. Hallyn
2017-06-25 12:35 ` Eric W. Biederman
[not found] ` <87lgogdz2t.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-06-25 13:06 ` Aleksa Sarai
[not found] ` <f1716e8c-dba8-a051-6bc7-285f13ffcaf0-l3A5Bk7waGM@public.gmane.org>
2017-06-25 13:28 ` Eric W. Biederman
[not found] ` <87zicwb3hu.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-06-25 13:51 ` Aleksa Sarai
[not found] ` <5bef361a-bc31-f3bc-f513-e728a48f0524-l3A5Bk7waGM@public.gmane.org>
2017-06-25 16:45 ` Serge E. Hallyn
[not found] ` <20170625164558.GA24471-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-26 6:14 ` Aleksa Sarai
2017-06-23 17:38 ` Stefan Berger
2017-06-23 17:38 ` Stefan Berger
2017-06-23 17:38 ` Stefan Berger
2017-06-23 17:38 ` Stefan Berger
2017-06-23 18:34 ` Serge E. Hallyn
2017-06-23 18:34 ` Serge E. Hallyn
[not found] ` <d288ea69-adec-f257-30cb-b1d9c57c996b-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-23 18:34 ` Serge E. Hallyn
2017-06-23 18:08 ` Stefan Berger
2017-06-23 18:08 ` Stefan Berger
2017-06-23 18:08 ` Stefan Berger
[not found] ` <3404c486-c848-3283-50f7-2283cb631e8e-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-23 18:35 ` Serge E. Hallyn
2017-06-23 18:35 ` Serge E. Hallyn
2017-06-23 18:35 ` Serge E. Hallyn
[not found] ` <20170623183520.GC21137-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-23 20:30 ` Casey Schaufler
2017-06-23 20:30 ` Casey Schaufler
2017-06-23 20:30 ` Casey Schaufler
2017-06-23 20:30 ` Casey Schaufler
2017-06-23 23:09 ` Stefan Berger
2017-06-23 23:09 ` Stefan Berger
2017-06-23 23:09 ` Stefan Berger
2017-06-23 23:09 ` Stefan Berger
[not found] ` <da083027-fcd4-bc08-2d88-93034ba1cacc-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-23 23:51 ` Casey Schaufler
2017-06-23 23:51 ` Casey Schaufler
2017-06-23 23:51 ` Casey Schaufler
2017-06-23 23:51 ` Casey Schaufler
2017-06-28 5:41 ` Serge E. Hallyn
2017-06-28 5:41 ` Serge E. Hallyn
2017-06-28 7:18 ` Amir Goldstein
2017-06-28 7:18 ` Amir Goldstein
2017-06-28 14:04 ` Stefan Berger
2017-06-28 14:04 ` Stefan Berger
2017-06-28 14:04 ` Stefan Berger
[not found] ` <CAOQ4uxhiSHEXzWN7=g-nmu=ebpv7hkXszW03JZ4UJkcjTeH+oQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-06-28 14:04 ` Stefan Berger
2017-06-28 14:28 ` Serge E. Hallyn
2017-06-28 14:28 ` Serge E. Hallyn
2017-06-28 14:28 ` Serge E. Hallyn
2017-06-28 14:28 ` Serge E. Hallyn
[not found] ` <20170628054138.GA15939-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-28 7:18 ` Amir Goldstein
2017-06-28 5:41 ` Serge E. Hallyn
2017-06-23 20:09 ` Vivek Goyal
2017-06-23 20:09 ` Vivek Goyal
2017-06-23 20:09 ` Vivek Goyal
2017-06-23 20:09 ` Vivek Goyal
[not found] ` <20170623200956.GB24779-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-06-23 20:17 ` Serge E. Hallyn
2017-06-23 20:17 ` Serge E. Hallyn
2017-06-23 20:17 ` Serge E. Hallyn
2017-06-23 20:36 ` Vivek Goyal
2017-06-23 20:36 ` Vivek Goyal
2017-06-23 20:36 ` Vivek Goyal
[not found] ` <20170623203643.GC24779-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-06-23 20:51 ` Serge E. Hallyn
2017-06-23 20:51 ` Serge E. Hallyn
2017-06-23 20:51 ` Serge E. Hallyn
[not found] ` <20170623201723.GA22857-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-23 20:36 ` Vivek Goyal
2017-06-22 19:59 ` Casey Schaufler
2017-06-22 19:59 ` Casey Schaufler
2017-06-22 19:59 ` Casey Schaufler
2017-06-22 20:12 ` Stefan Berger
2017-06-22 20:12 ` Stefan Berger
2017-06-22 20:12 ` Stefan Berger
[not found] ` <10fb9c1b-e9af-336c-9a1b-cf95259cfaf3-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-22 20:33 ` Casey Schaufler
2017-06-22 20:33 ` Casey Schaufler
2017-06-22 20:33 ` Casey Schaufler
2017-06-22 20:33 ` Casey Schaufler
[not found] ` <2bf08b3e-27f4-3592-d5e2-a823401ac644-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2017-06-22 21:03 ` Stefan Berger
2017-06-22 21:03 ` Stefan Berger
2017-06-22 21:03 ` Stefan Berger
2017-06-22 21:03 ` Stefan Berger
2017-06-22 21:09 ` Serge E. Hallyn
2017-06-22 21:09 ` Serge E. Hallyn
2017-06-22 21:09 ` Serge E. Hallyn
[not found] ` <20170622210925.GA32691-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-22 22:40 ` Casey Schaufler
2017-06-22 22:40 ` Casey Schaufler
2017-06-22 22:40 ` Casey Schaufler
2017-06-22 22:40 ` Casey Schaufler
2017-06-22 23:07 ` Serge E. Hallyn
2017-06-22 23:07 ` Serge E. Hallyn
[not found] ` <45e59e2e-0e00-cb9a-2f85-dc4606338a08-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2017-06-22 23:07 ` Serge E. Hallyn
[not found] ` <70a09f1b-e82c-a25c-9325-d5d757b1b695-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2017-06-22 20:12 ` Stefan Berger
2017-06-22 23:29 ` James Bottomley
2017-06-22 23:29 ` James Bottomley
2017-06-22 23:29 ` James Bottomley
2017-06-22 23:32 ` Serge E. Hallyn
2017-06-22 23:32 ` Serge E. Hallyn
[not found] ` <1498174161.7636.4.camel-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>
2017-06-22 23:32 ` Serge E. Hallyn
2017-06-22 23:36 ` Serge E. Hallyn
2017-06-22 23:36 ` Serge E. Hallyn
2017-06-22 23:36 ` Serge E. Hallyn
[not found] ` <20170622233619.GC2894-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-23 0:13 ` James Bottomley
2017-06-23 0:13 ` James Bottomley
2017-06-23 0:13 ` James Bottomley
2017-06-23 0:13 ` James Bottomley
2017-06-23 1:19 ` Serge E. Hallyn
2017-06-23 1:19 ` Serge E. Hallyn
[not found] ` <1498176787.7636.11.camel-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>
2017-06-23 1:19 ` Serge E. Hallyn
2017-06-23 17:37 ` Eric W. Biederman
2017-06-23 17:37 ` Eric W. Biederman
2017-06-23 17:37 ` Eric W. Biederman
2017-06-23 17:37 ` Eric W. Biederman
[not found] ` <87efuaip08.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-06-23 18:39 ` Serge E. Hallyn
2017-06-23 18:39 ` Serge E. Hallyn
2017-06-23 18:39 ` Serge E. Hallyn
-- strict thread matches above, loose matches on Subject: below --
2017-06-22 18:59 Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8760fmh9vc.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.