diff for duplicates of <8760fmh9vc.fsf@xmission.com> diff --git a/a/1.txt b/N1/1.txt index 76d0fd8..4bfce7f 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,22 +1,22 @@ "Serge E. Hallyn" <serge@hallyn.com> writes: -> Quoting Casey Schaufler (casey at schaufler-ca.com): +> Quoting Casey Schaufler (casey(a)schaufler-ca.com): >> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote: ->> > Quoting Casey Schaufler (casey at schaufler-ca.com): +>> > Quoting Casey Schaufler (casey(a)schaufler-ca.com): >> >> Or maybe just security.ns.capability, taking James' comment into account. >> > That last one may be suitable as an option, useful for his particular >> > (somewhat barbaric :) use case, but it's not ok for the general solution. >> ->> security.ns at uid=100.capability +>> security.ns(a)uid=100.capability > > I'm ok with this. It gives protection from older kernels, and puts -> the 'ns at uid=' at predictable locations for security and trusted. +> the 'ns(a)uid=' at predictable locations for security and trusted. > >> It makes the namespace part explicit and separate from >> the rest of the attribute name. It also generalizes for >> other attributes. >> ->> security.ns at uid=1000 at smack=WestOfOne.SMACK64 +>> security.ns(a)uid=1000(a)smack=WestOfOne.SMACK64 > > Looks good to me. > @@ -58,8 +58,3 @@ So while I don't mind reorganizing the order we put the information into the attribute. Let's keep what we place in there very specific. Eric - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 4ca5964..e3336c1 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,35 +1,29 @@ - "ref\01498157989-11814-1-git-send-email-stefanb@linux.vnet.ibm.com\0" - "ref\0CAOQ4uxj=_Riih1K+QOYasZU8vZKCSrsg393f=17mJ2O-909e=Q@mail.gmail.com\0" - "ref\020170623160026.GA18257@mail.hallyn.com\0" - "ref\0aa62373e-7cd6-39dd-2e38-2b6d6dbe18a8@schaufler-ca.com\0" - "ref\020170623163030.GA18820@mail.hallyn.com\0" - "ref\0ef37880d-6baa-12a6-eab1-bcd0a4e94d53@schaufler-ca.com\0" "ref\020170623170108.GA19354@mail.hallyn.com\0" - "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0[PATCH 0/3] Enable namespaced file capabilities\0" + "From\0Eric W. Biederman <ebiederm@xmission.com>\0" + "Subject\0Re: [PATCH 0/3] Enable namespaced file capabilities\0" "Date\0Fri, 23 Jun 2017 12:49:59 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" - "\00:1\0" + "To\0lkp@lists.01.org\0" + "\01:1\0" "b\0" "\"Serge E. Hallyn\" <serge@hallyn.com> writes:\n" "\n" - "> Quoting Casey Schaufler (casey at schaufler-ca.com):\n" + "> Quoting Casey Schaufler (casey(a)schaufler-ca.com):\n" ">> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote:\n" - ">> > Quoting Casey Schaufler (casey at schaufler-ca.com):\n" + ">> > Quoting Casey Schaufler (casey(a)schaufler-ca.com):\n" ">> >> Or maybe just security.ns.capability, taking James' comment into account.\n" ">> > That last one may be suitable as an option, useful for his particular\n" ">> > (somewhat barbaric :) use case, but it's not ok for the general solution.\n" ">> \n" - ">> security.ns at uid=100.capability\n" + ">> security.ns(a)uid=100.capability\n" ">\n" "> I'm ok with this. It gives protection from older kernels, and puts\n" - "> the 'ns at uid=' at predictable locations for security and trusted.\n" + "> the 'ns(a)uid=' at predictable locations for security and trusted.\n" ">\n" ">> It makes the namespace part explicit and separate from\n" ">> the rest of the attribute name. It also generalizes for\n" ">> other attributes.\n" ">> \n" - ">> security.ns at uid=1000 at smack=WestOfOne.SMACK64\n" + ">> security.ns(a)uid=1000(a)smack=WestOfOne.SMACK64\n" ">\n" "> Looks good to me.\n" ">\n" @@ -70,11 +64,6 @@ "So while I don't mind reorganizing the order we put the information into\n" "the attribute. Let's keep what we place in there very specific.\n" "\n" - "Eric\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Eric -92b2fee022bb5ada953e6cf61af68420ff2a6d1cafe30e35168e93515de7eebf +82ef04647cc1682f47a9e2ea6aa47554375b6779875c46c9d9db15b38d13e0c7
diff --git a/a/1.txt b/N2/1.txt index 76d0fd8..4e7f7da 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -1,22 +1,22 @@ "Serge E. Hallyn" <serge@hallyn.com> writes: -> Quoting Casey Schaufler (casey at schaufler-ca.com): +> Quoting Casey Schaufler (casey@schaufler-ca.com): >> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote: ->> > Quoting Casey Schaufler (casey at schaufler-ca.com): +>> > Quoting Casey Schaufler (casey@schaufler-ca.com): >> >> Or maybe just security.ns.capability, taking James' comment into account. >> > That last one may be suitable as an option, useful for his particular >> > (somewhat barbaric :) use case, but it's not ok for the general solution. >> ->> security.ns at uid=100.capability +>> security.ns@uid=100.capability > > I'm ok with this. It gives protection from older kernels, and puts -> the 'ns at uid=' at predictable locations for security and trusted. +> the 'ns@uid=' at predictable locations for security and trusted. > >> It makes the namespace part explicit and separate from >> the rest of the attribute name. It also generalizes for >> other attributes. >> ->> security.ns at uid=1000 at smack=WestOfOne.SMACK64 +>> security.ns@uid=1000@smack=WestOfOne.SMACK64 > > Looks good to me. > @@ -58,8 +58,3 @@ So while I don't mind reorganizing the order we put the information into the attribute. Let's keep what we place in there very specific. Eric - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index 4ca5964..07ed6ef 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -6,30 +6,43 @@ "ref\0ef37880d-6baa-12a6-eab1-bcd0a4e94d53@schaufler-ca.com\0" "ref\020170623170108.GA19354@mail.hallyn.com\0" "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0[PATCH 0/3] Enable namespaced file capabilities\0" + "Subject\0Re: [PATCH 0/3] Enable namespaced file capabilities\0" "Date\0Fri, 23 Jun 2017 12:49:59 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Serge E. Hallyn <serge@hallyn.com>\0" + "Cc\0Casey Schaufler <casey@schaufler-ca.com>" + Amir Goldstein <amir73il@gmail.com> + Stefan Berger <stefanb@linux.vnet.ibm.com> + Linux Containers <containers@lists.linux-foundation.org> + lkp@01.org + xiaolong.ye@intel.com + linux-kernel <linux-kernel@vger.kernel.org> + Mimi Zohar <zohar@linux.vnet.ibm.com> + Tycho Andersen <tycho@docker.com> + James Bottomley <James.Bottomley@hansenpartnership.com> + christian.brauner@mailbox.org + Vivek Goyal <vgoyal@redhat.com> + " LSM List <linux-security-module@vger.kernel.org>\0" "\00:1\0" "b\0" "\"Serge E. Hallyn\" <serge@hallyn.com> writes:\n" "\n" - "> Quoting Casey Schaufler (casey at schaufler-ca.com):\n" + "> Quoting Casey Schaufler (casey@schaufler-ca.com):\n" ">> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote:\n" - ">> > Quoting Casey Schaufler (casey at schaufler-ca.com):\n" + ">> > Quoting Casey Schaufler (casey@schaufler-ca.com):\n" ">> >> Or maybe just security.ns.capability, taking James' comment into account.\n" ">> > That last one may be suitable as an option, useful for his particular\n" ">> > (somewhat barbaric :) use case, but it's not ok for the general solution.\n" ">> \n" - ">> security.ns at uid=100.capability\n" + ">> security.ns@uid=100.capability\n" ">\n" "> I'm ok with this. It gives protection from older kernels, and puts\n" - "> the 'ns at uid=' at predictable locations for security and trusted.\n" + "> the 'ns@uid=' at predictable locations for security and trusted.\n" ">\n" ">> It makes the namespace part explicit and separate from\n" ">> the rest of the attribute name. It also generalizes for\n" ">> other attributes.\n" ">> \n" - ">> security.ns at uid=1000 at smack=WestOfOne.SMACK64\n" + ">> security.ns@uid=1000@smack=WestOfOne.SMACK64\n" ">\n" "> Looks good to me.\n" ">\n" @@ -70,11 +83,6 @@ "So while I don't mind reorganizing the order we put the information into\n" "the attribute. Let's keep what we place in there very specific.\n" "\n" - "Eric\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Eric -92b2fee022bb5ada953e6cf61af68420ff2a6d1cafe30e35168e93515de7eebf +51646aa1993b0c36a34535d3b6bab7835af292d00825b5198b68520c0069710d
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.