diff for duplicates of <87efuaip08.fsf@xmission.com> diff --git a/a/1.txt b/N1/1.txt index e437d3a..4c552a1 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,7 +1,7 @@ James Bottomley <James.Bottomley@HansenPartnership.com> writes: > On Thu, 2017-06-22 at 18:36 -0500, Serge E. Hallyn wrote: ->> Quoting James Bottomley (James.Bottomley at HansenPartnership.com): +>> Quoting James Bottomley (James.Bottomley(a)HansenPartnership.com): >> > On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote: >> > > This series of patches primary goal is to enable file >> > > capabilities in user namespaces without affecting the file @@ -14,11 +14,11 @@ James Bottomley <James.Bottomley@HansenPartnership.com> writes: >> > > different name when a user namespace is used. If for example the >> > > root user in a user namespace writes the security.capability >> > > xattr, the name of the xattr that is actually written is encoded ->> > > as security.capability at uid=1000 for root mapped to uid 1000 on +>> > > as security.capability(a)uid=1000 for root mapped to uid 1000 on >> > > the host. When listing the xattrs on the host, the existing ->> > > security.capability as well as the security.capability at uid=1000 +>> > > security.capability as well as the security.capability(a)uid=1000 >> > > will be shown. Inside the namespace only 'security.capability', ->> > > with the value of security.capability at uid=1000, is visible. +>> > > with the value of security.capability(a)uid=1000, is visible. >> > >> > I'm a bit bothered by the @uid=1000 suffix. What if I want to use >> > this capability but am dynamically mapping the namespaces (i.e. I @@ -99,8 +99,3 @@ Certainly I expect filesystems that are mounted with s_user_ns != queried from &init_user_ns if we go with general design. Eric - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html 
diff --git a/a/content_digest b/N1/content_digest index a0549de..a7dd151 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,17 +1,14 @@ - "ref\01498157989-11814-1-git-send-email-stefanb@linux.vnet.ibm.com\0" - "ref\01498174161.7636.4.camel@HansenPartnership.com\0" - "ref\020170622233619.GC2894@mail.hallyn.com\0" "ref\01498176787.7636.11.camel@HansenPartnership.com\0" - "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0[PATCH 0/3] Enable namespaced file capabilities\0" + "From\0Eric W. Biederman <ebiederm@xmission.com>\0" + "Subject\0Re: [PATCH 0/3] Enable namespaced file capabilities\0" "Date\0Fri, 23 Jun 2017 12:37:43 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" - "\00:1\0" + "To\0lkp@lists.01.org\0" + "\01:1\0" "b\0" "James Bottomley <James.Bottomley@HansenPartnership.com> writes:\n" "\n" "> On Thu, 2017-06-22 at 18:36 -0500, Serge E. Hallyn wrote:\n" - ">> Quoting James Bottomley (James.Bottomley at HansenPartnership.com):\n" + ">> Quoting James Bottomley (James.Bottomley(a)HansenPartnership.com):\n" ">> > On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote:\n" ">> > > This series of patches primary goal is to enable file \n" ">> > > capabilities in user namespaces without affecting the file \n" 
@@ -24,11 +21,11 @@ ">> > > different name when a user namespace is used. If for example the \n" ">> > > root user in a user namespace writes the security.capability \n" ">> > > xattr, the name of the xattr that is actually written is encoded \n" - ">> > > as security.capability at uid=1000 for root mapped to uid 1000 on \n" + ">> > > as security.capability(a)uid=1000 for root mapped to uid 1000 on \n" ">> > > the host. When listing the xattrs on the host, the existing\n" - ">> > > security.capability as well as the security.capability at uid=1000 \n" + ">> > > security.capability as well as the security.capability(a)uid=1000 \n" ">> > > will be shown. Inside the namespace only 'security.capability', \n" - ">> > > with the value of security.capability at uid=1000, is visible.\n" + ">> > > with the value of security.capability(a)uid=1000, is visible.\n" ">> > \n" ">> > I'm a bit bothered by the @uid=1000 suffix. What if I want to use \n" ">> > this capability but am dynamically mapping the namespaces (i.e. I \n" @@ -108,11 +105,6 @@ "&init_user_ns to be shifting the names of the security xattrs when\n" "queried from &init_user_ns if we go with general design.\n" "\n" - "Eric\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Eric -6656cc48fc1a1944500094be8379d11b86d40b0800fbfc0a32bed4f90f7ca430 +ddc8156cb9c5de937ed31a1b58312862de4eacc6121ac3e572d9e52fb9636044
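Review bot: The xattr name is still mangled on the `+` side of the `@@ -14,11` hunk in 1.txt and the `@@ -24,11` hunk in content_digest: `security.capability at uid=1000` becomes `security.capability(a)uid=1000`, while the unchanged context line "I'm a bit bothered by the @uid=1000 suffix" shows the literal is `security.capability@uid=1000`. The address-obfuscation rewrite should skip tokens that are not e-mail addresses, and this copy should not be the one quoted for the identifier. The `@@ -1,17` content_digest hunk also drops three of the four `ref` entries and changes `To` to `lkp@lists.01.org`, so thread reconstruction from this copy loses the earlier messages in the chain.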
diff --git a/a/1.txt b/N2/1.txt index e437d3a..bff5187 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -1,7 +1,7 @@ James Bottomley <James.Bottomley@HansenPartnership.com> writes: > On Thu, 2017-06-22 at 18:36 -0500, Serge E. Hallyn wrote: ->> Quoting James Bottomley (James.Bottomley at HansenPartnership.com): +>> Quoting James Bottomley (James.Bottomley@HansenPartnership.com): >> > On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote: >> > > This series of patches primary goal is to enable file >> > > capabilities in user namespaces without affecting the file @@ -14,11 +14,11 @@ James Bottomley <James.Bottomley@HansenPartnership.com> writes: >> > > different name when a user namespace is used. If for example the >> > > root user in a user namespace writes the security.capability >> > > xattr, the name of the xattr that is actually written is encoded ->> > > as security.capability at uid=1000 for root mapped to uid 1000 on +>> > > as security.capability@uid=1000 for root mapped to uid 1000 on >> > > the host. When listing the xattrs on the host, the existing ->> > > security.capability as well as the security.capability at uid=1000 +>> > > security.capability as well as the security.capability@uid=1000 >> > > will be shown. Inside the namespace only 'security.capability', ->> > > with the value of security.capability at uid=1000, is visible. +>> > > with the value of security.capability@uid=1000, is visible. >> > >> > I'm a bit bothered by the @uid=1000 suffix. What if I want to use >> > this capability but am dynamically mapping the namespaces (i.e. I @@ -99,8 +99,3 @@ Certainly I expect filesystems that are mounted with s_user_ns != queried from &init_user_ns if we go with general design. Eric - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html 
diff --git a/a/content_digest b/N2/content_digest index a0549de..8ee2df1 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -3,15 +3,22 @@ "ref\020170622233619.GC2894@mail.hallyn.com\0" "ref\01498176787.7636.11.camel@HansenPartnership.com\0" "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0[PATCH 0/3] Enable namespaced file capabilities\0" + "Subject\0Re: [PATCH 0/3] Enable namespaced file capabilities\0" "Date\0Fri, 23 Jun 2017 12:37:43 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0James Bottomley <James.Bottomley@hansenpartnership.com>\0" + "Cc\0Serge E. Hallyn <serge@hallyn.com>" + zohar@linux.vnet.ibm.com + containers@lists.linux-foundation.org + linux-kernel@vger.kernel.org + xiaolong.ye@intel.com + linux-security-module@vger.kernel.org + " lkp@01.org\0" "\00:1\0" "b\0" "James Bottomley <James.Bottomley@HansenPartnership.com> writes:\n" "\n" "> On Thu, 2017-06-22 at 18:36 -0500, Serge E. Hallyn wrote:\n" - ">> Quoting James Bottomley (James.Bottomley at HansenPartnership.com):\n" + ">> Quoting James Bottomley (James.Bottomley@HansenPartnership.com):\n" ">> > On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote:\n" ">> > > This series of patches primary goal is to enable file \n" ">> > > capabilities in user namespaces without affecting the file \n" 
@@ -24,11 +31,11 @@ ">> > > different name when a user namespace is used. If for example the \n" ">> > > root user in a user namespace writes the security.capability \n" ">> > > xattr, the name of the xattr that is actually written is encoded \n" - ">> > > as security.capability at uid=1000 for root mapped to uid 1000 on \n" + ">> > > as security.capability@uid=1000 for root mapped to uid 1000 on \n" ">> > > the host. When listing the xattrs on the host, the existing\n" - ">> > > security.capability as well as the security.capability at uid=1000 \n" + ">> > > security.capability as well as the security.capability@uid=1000 \n" ">> > > will be shown. Inside the namespace only 'security.capability', \n" - ">> > > with the value of security.capability at uid=1000, is visible.\n" + ">> > > with the value of security.capability@uid=1000, is visible.\n" ">> > \n" ">> > I'm a bit bothered by the @uid=1000 suffix. What if I want to use \n" ">> > this capability but am dynamically mapping the namespaces (i.e. I \n" @@ -108,11 +115,6 @@ "&init_user_ns to be shifting the names of the security xattrs when\n" "queried from &init_user_ns if we go with general design.\n" "\n" - "Eric\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Eric -6656cc48fc1a1944500094be8379d11b86d40b0800fbfc0a32bed4f90f7ca430 +5d885d9a418b23abbe496cd9f8e1468d9c75c4b366e98769694b999ad2027538
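Review bot: Take the xattr name from the `+` side of the `@@ -14,11` hunk, which reads `security.capability@uid=1000` and agrees with the `@uid=1000` suffix in the unchanged context; the `at` form on the `-` lines is list-archive obfuscation, not part of the name. In content_digest the `@@ -3,15` hunk changes `Subject` (adds `Re:`) and `To`, and adds a `Cc` list, and the trailing digest value changes with it, so the two deliveries are kept as distinct entries even though the body differs only in the de-obfuscated `@` and the stripped list footer. It would help to document which header fields feed the digest so that duplicates like this can be matched on body content.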