diff for duplicates of <87h8yf7szd.fsf@xmission.com> diff --git a/a/1.txt b/N1/1.txt index dc218e1..89ed557 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -3,17 +3,13 @@ Stefan Berger <stefanb@linux.vnet.ibm.com> writes: > On 07/13/2017 01:49 PM, Eric W. Biederman wrote: > > > My big question right now is can you implement Ted's suggested -> > restriction. Only one security.foo or secuirty.foo at ... attribute ? +> > restriction. Only one security.foo or secuirty.foo(a)... attribute ? > We need to raw-list the xattrs and do the check before writing them. I am fairly sure this can be done. > -> So now you want to allow security.foo and one security.foo at uid=<> or just a single one security.foo(@[[:print:]]*)? +> So now you want to allow security.foo and one security.foo(a)uid=<> or just a single one security.foo(@[[:print:]]*)? > The latter. Eric --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 69d4314..4179a1c 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,40 +1,24 @@ - "ref\01499785511-17192-1-git-send-email-stefanb@linux.vnet.ibm.com\0" - "ref\01499785511-17192-2-git-send-email-stefanb@linux.vnet.ibm.com\0" - "ref\087mv89iy7q.fsf@xmission.com\0" - "ref\020170712170346.GA17974@mail.hallyn.com\0" - "ref\0877ezdgsey.fsf@xmission.com\0" - "ref\074664cc8-bc3e-75d6-5892-f8934404349f@linux.vnet.ibm.com\0" - "ref\020170713011554.xwmrgkzfwnibvgcu@thunk.org\0" - "ref\087y3rscz9j.fsf@xmission.com\0" - "ref\020170713164012.brj2flnkaaks2oci@thunk.org\0" - "ref\087k23cb6os.fsf@xmission.com\0" - "ref\0847ccb2a-30c0-a94c-df6f-091c8901eaa0@linux.vnet.ibm.com\0" - "ref\087bmoo8bxb.fsf@xmission.com\0" "ref\09a3010e5-ca2b-5e7a-656b-fcc14f7bec4e@linux.vnet.ibm.com\0" - "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0" + "From\0Eric W. Biederman <ebiederm@xmission.com>\0" + "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Thu, 13 Jul 2017 19:38:30 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" - "\00:1\0" + "To\0lkp@lists.01.org\0" + "\01:1\0" "b\0" "Stefan Berger <stefanb@linux.vnet.ibm.com> writes:\n" "\n" "> On 07/13/2017 01:49 PM, Eric W. Biederman wrote:\n" ">\n" "> > My big question right now is can you implement Ted's suggested\n" - "> > restriction. Only one security.foo or secuirty.foo at ... attribute ?\n" + "> > restriction. Only one security.foo or secuirty.foo(a)... attribute ?\n" "\n" "> We need to raw-list the xattrs and do the check before writing them. I am fairly sure this can be done.\n" ">\n" - "> So now you want to allow security.foo and one security.foo at uid=<> or just a single one security.foo(@[[:print:]]*)?\n" + "> So now you want to allow security.foo and one security.foo(a)uid=<> or just a single one security.foo(@[[:print:]]*)?\n" ">\n" "\n" "The latter.\n" "\n" - "Eric\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Eric -a06e0bf4438dad1f8a3cadcd0eb5c3165c0fb33874f40e9bff74c7e60d0768d1 +d7abc0582501e9a1913379df679824ee769b441bef358b5c0383b6096841cbf1
diff --git a/a/1.txt b/N2/1.txt index dc218e1..05429bb 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -3,17 +3,13 @@ Stefan Berger <stefanb@linux.vnet.ibm.com> writes: > On 07/13/2017 01:49 PM, Eric W. Biederman wrote: > > > My big question right now is can you implement Ted's suggested -> > restriction. Only one security.foo or secuirty.foo at ... attribute ? +> > restriction. Only one security.foo or secuirty.foo@... attribute ? > We need to raw-list the xattrs and do the check before writing them. I am fairly sure this can be done. > -> So now you want to allow security.foo and one security.foo at uid=<> or just a single one security.foo(@[[:print:]]*)? +> So now you want to allow security.foo and one security.foo@uid=<> or just a single one security.foo(@[[:print:]]*)? > The latter. Eric --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index 69d4314..aab8af4 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -12,9 +12,22 @@ "ref\087bmoo8bxb.fsf@xmission.com\0" "ref\09a3010e5-ca2b-5e7a-656b-fcc14f7bec4e@linux.vnet.ibm.com\0" "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0" + "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Thu, 13 Jul 2017 19:38:30 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Stefan Berger <stefanb@linux.vnet.ibm.com>\0" + "Cc\0Theodore Ts'o <tytso@mit.edu>" + Serge E. Hallyn <serge@hallyn.com> + containers@lists.linux-foundation.org + lkp@01.org + linux-kernel@vger.kernel.org + zohar@linux.vnet.ibm.com + tycho@docker.com + James.Bottomley@hansenpartnership.com + vgoyal@redhat.com + christian.brauner@mailbox.org + amir73il@gmail.com + linux-security-module@vger.kernel.org + " casey@schaufler-ca.com\0" "\00:1\0" "b\0" "Stefan Berger <stefanb@linux.vnet.ibm.com> writes:\n" @@ -22,19 +35,15 @@ "> On 07/13/2017 01:49 PM, Eric W. Biederman wrote:\n" ">\n" "> > My big question right now is can you implement Ted's suggested\n" - "> > restriction. Only one security.foo or secuirty.foo at ... attribute ?\n" + "> > restriction. Only one security.foo or secuirty.foo@... attribute ?\n" "\n" "> We need to raw-list the xattrs and do the check before writing them. I am fairly sure this can be done.\n" ">\n" - "> So now you want to allow security.foo and one security.foo at uid=<> or just a single one security.foo(@[[:print:]]*)?\n" + "> So now you want to allow security.foo and one security.foo@uid=<> or just a single one security.foo(@[[:print:]]*)?\n" ">\n" "\n" "The latter.\n" "\n" - "Eric\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Eric -a06e0bf4438dad1f8a3cadcd0eb5c3165c0fb33874f40e9bff74c7e60d0768d1 +e4b701407847e58aa744fc2db5ac08cf519161f0153de653dc8057018e65f6d0
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.