diff for duplicates of <87fu83lfw5.fsf@xmission.com>
diff --git a/a/1.txt b/N1/1.txt
index 0c16593..38ef907 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -1,4 +1,4 @@
-Maciej Żenczykowski <zenczykowski@gmail.com> writes:
+Maciej ?enczykowski <zenczykowski@gmail.com> writes:

 > On Thu, Dec 21, 2017 at 10:44 PM, Eric W. Biederman
 > <ebiederm@xmission.com> wrote:
@@ -60,26 +60,26 @@ Maciej Żenczykowski <zenczykowski@gmail.com> writes:
 > (let's transition to target user)
 > lpk19:/# su - produser
 >
-> produser@lpk19:~$ id
+> produser at lpk19:~$ id
 > uid=2080(produser) gid=620(prod) groups=620(prod)
 >
 > (we can't overwrite it)
-> produser@lpk19:~$ echo log2 > /immu/log
+> produser at lpk19:~$ echo log2 > /immu/log
 > -su: /immu/log: Operation not permitted
 >
 > (but we can log to it: as intended)
-> produser@lpk19:~$ echo log2 >> /immu/log
+> produser at lpk19:~$ echo log2 >> /immu/log
 >
 > (we can't change its permissions, cause it's in an immutable directory)
-> produser@lpk19:~$ chmod u+r /immu/log
+> produser at lpk19:~$ chmod u+r /immu/log
 > chmod: changing permissions of '/immu/log': Operation not permitted
 >
 > (we can't dump the file, cause we don't have CAP_DAC_OVERRIDE)
-> produser@lpk19:~$ cat /immu/log
+> produser at lpk19:~$ cat /immu/log
 > cat: /immu/log: Permission denied
 >
 > (or can we?)
-> produser@lpk19:~$ unshare -U -r cat /immu/log
+> produser at lpk19:~$ unshare -U -r cat /immu/log
 > log1
 > log2
 >
@@ -127,7 +127,7 @@ outside observer (bounded permissions), but there is a real difference
 in difficulty of implementation.

 Eric
-_______________________________________________
-Containers mailing list
-Containers@lists.linux-foundation.org
-https://lists.linuxfoundation.org/mailman/listinfo/containers
+--
+To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
+the body of a message to majordomo at vger.kernel.org
+More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/a/content_digest b/N1/content_digest index 3a17005..2755add 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,19 +1,13 @@ "ref\020171221210605.181720-1-zenczykowski@gmail.com\0" "ref\087wp1foiwa.fsf@xmission.com\0" "ref\0CAHo-OoyrOr5jXwU-j4Z4qYdWo40+qAdAk0r+OpfMUZ6LgbS-RA@mail.gmail.com\0" - "ref\0CAHo-OoyrOr5jXwU-j4Z4qYdWo40+qAdAk0r+OpfMUZ6LgbS-RA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org\0" - "From\0ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)\0" - "Subject\0Re: [PATCH] userns: honour no_new_privs for cap_bset during user ns creation/switch\0" + "From\0ebiederm@xmission.com (Eric W. Biederman)\0" + "Subject\0[PATCH] userns: honour no_new_privs for cap_bset during user ns creation/switch\0" "Date\0Thu, 21 Dec 2017 19:18:02 -0600\0" - "To\0Maciej \305\273enczykowski <zenczykowski-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>\0" - "Cc\0Linux Containers <containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>" - linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - Mahesh Bandewar <maheshb-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org> - Linux Kernel Mailing List <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> - " Willem de Bruijn <willemb-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" - "Maciej \305\273enczykowski <zenczykowski@gmail.com> writes:\n" + "Maciej ?enczykowski <zenczykowski@gmail.com> writes:\n" "\n" "> On Thu, Dec 21, 2017 at 10:44 PM, Eric W. Biederman\n" "> <ebiederm@xmission.com> wrote:\n" 
@@ -75,26 +69,26 @@ "> (let's transition to target user)\n" "> lpk19:/# su - produser\n" ">\n" - "> produser@lpk19:~$ id\n" + "> produser at lpk19:~$ id\n" "> uid=2080(produser) gid=620(prod) groups=620(prod)\n" ">\n" "> (we can't overwrite it)\n" - "> produser@lpk19:~$ echo log2 > /immu/log\n" + "> produser at lpk19:~$ echo log2 > /immu/log\n" "> -su: /immu/log: Operation not permitted\n" ">\n" "> (but we can log to it: as intended)\n" - "> produser@lpk19:~$ echo log2 >> /immu/log\n" + "> produser at lpk19:~$ echo log2 >> /immu/log\n" ">\n" "> (we can't change its permissions, cause it's in an immutable directory)\n" - "> produser@lpk19:~$ chmod u+r /immu/log\n" + "> produser at lpk19:~$ chmod u+r /immu/log\n" "> chmod: changing permissions of '/immu/log': Operation not permitted\n" ">\n" "> (we can't dump the file, cause we don't have CAP_DAC_OVERRIDE)\n" - "> produser@lpk19:~$ cat /immu/log\n" + "> produser at lpk19:~$ cat /immu/log\n" "> cat: /immu/log: Permission denied\n" ">\n" "> (or can we?)\n" - "> produser@lpk19:~$ unshare -U -r cat /immu/log\n" + "> produser at lpk19:~$ unshare -U -r cat /immu/log\n" "> log1\n" "> log2\n" ">\n" @@ -142,9 +136,9 @@ "in difficulty of implementation.\n" "\n" "Eric\n" - "_______________________________________________\n" - "Containers mailing list\n" - "Containers@lists.linux-foundation.org\n" - https://lists.linuxfoundation.org/mailman/listinfo/containers + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -025820f7c30e0e43e78ddf81a974bd02c7d2f8103f7c0b9fef405e92375c91d5 +9811f6e0df9794a5aa693066054022441a6e6557680b752de3e6871c6ef6d864
diff --git a/a/1.txt b/N2/1.txt
index 0c16593..c7a3c6c 100644
--- a/a/1.txt
+++ b/N2/1.txt
@@ -127,7 +127,3 @@ outside observer (bounded permissions), but there is a real difference
 in difficulty of implementation.

 Eric
-_______________________________________________
-Containers mailing list
-Containers@lists.linux-foundation.org
-https://lists.linuxfoundation.org/mailman/listinfo/containers
diff --git a/a/content_digest b/N2/content_digest index 3a17005..bab360c 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -1,16 +1,15 @@ "ref\020171221210605.181720-1-zenczykowski@gmail.com\0" "ref\087wp1foiwa.fsf@xmission.com\0" "ref\0CAHo-OoyrOr5jXwU-j4Z4qYdWo40+qAdAk0r+OpfMUZ6LgbS-RA@mail.gmail.com\0" - "ref\0CAHo-OoyrOr5jXwU-j4Z4qYdWo40+qAdAk0r+OpfMUZ6LgbS-RA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org\0" - "From\0ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)\0" + "From\0ebiederm@xmission.com (Eric W. Biederman)\0" "Subject\0Re: [PATCH] userns: honour no_new_privs for cap_bset during user ns creation/switch\0" "Date\0Thu, 21 Dec 2017 19:18:02 -0600\0" - "To\0Maciej \305\273enczykowski <zenczykowski-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>\0" - "Cc\0Linux Containers <containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>" - linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - Mahesh Bandewar <maheshb-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org> - Linux Kernel Mailing List <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> - " Willem de Bruijn <willemb-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>\0" + "To\0Maciej \305\273enczykowski <zenczykowski@gmail.com>\0" + "Cc\0linux-security-module@vger.kernel.org" + Linux Kernel Mailing List <linux-kernel@vger.kernel.org> + Mahesh Bandewar <maheshb@google.com> + Willem de Bruijn <willemb@google.com> + " Linux Containers <containers@lists.linux-foundation.org>\0" "\00:1\0" "b\0" "Maciej \305\273enczykowski <zenczykowski@gmail.com> writes:\n"
@@ -141,10 +140,6 @@ "outside observer (bounded permissions), but there is a real difference\n" "in difficulty of implementation.\n" "\n" - "Eric\n" - "_______________________________________________\n" - "Containers mailing list\n" - "Containers@lists.linux-foundation.org\n" - https://lists.linuxfoundation.org/mailman/listinfo/containers + Eric -025820f7c30e0e43e78ddf81a974bd02c7d2f8103f7c0b9fef405e92375c91d5 +a08db0eb129f0d5908a932dfe59cc760c034d89b4a97303ee137f715b1501da6