diff for duplicates of <87k23cb6os.fsf@xmission.com> diff --git a/a/1.txt b/N1/1.txt index 09975f2..4efc45f 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -14,12 +14,12 @@ Theodore Ts'o <tytso@mit.edu> writes: > So correct me if I am wrong; in general, there will only be one > variant of the form: > -> security.foo at uid=15000 +> security.foo(a)uid=15000 > > It's not like there will be: > -> security.foo at uid=1000 -> security.foo at uid=2000 +> security.foo(a)uid=1000 +> security.foo(a)uid=2000 > > Except.... if you have an Distribution root directory which is shared > by many containers, you would need to put the xattrs in the overlay @@ -33,7 +33,7 @@ Theodore Ts'o <tytso@mit.edu> writes: > capability with the global uid 0 should be used for the container > "root" uid, right? > -> So this hack of using security.foo at uid=1000 is *only* useful when the +> So this hack of using security.foo(a)uid=1000 is *only* useful when the > subcontainer root wants to create the privileged executable. You > still have to do things the other way. > @@ -43,7 +43,7 @@ Theodore Ts'o <tytso@mit.edu> writes: > > exists, *or* > -> security.foo at uid=BAR +> security.foo(a)uid=BAR > > exists, but never both? And there BAR is exclusive to only one > instances? @@ -66,7 +66,3 @@ I want to see what Serge and Stefan have to say but the case looks pretty clear cut at the moment. Eric --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index f34b201..c999ab2 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,17 +1,9 @@ - "ref\01499785511-17192-1-git-send-email-stefanb@linux.vnet.ibm.com\0" - "ref\01499785511-17192-2-git-send-email-stefanb@linux.vnet.ibm.com\0" - "ref\087mv89iy7q.fsf@xmission.com\0" - "ref\020170712170346.GA17974@mail.hallyn.com\0" - "ref\0877ezdgsey.fsf@xmission.com\0" - "ref\074664cc8-bc3e-75d6-5892-f8934404349f@linux.vnet.ibm.com\0" - "ref\020170713011554.xwmrgkzfwnibvgcu@thunk.org\0" - "ref\087y3rscz9j.fsf@xmission.com\0" "ref\020170713164012.brj2flnkaaks2oci@thunk.org\0" - "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0" + "From\0Eric W. Biederman <ebiederm@xmission.com>\0" + "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Thu, 13 Jul 2017 12:14:11 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" - "\00:1\0" + "To\0lkp@lists.01.org\0" + "\01:1\0" "b\0" "Theodore Ts'o <tytso@mit.edu> writes:\n" "\n" @@ -29,12 +21,12 @@ "> So correct me if I am wrong; in general, there will only be one\n" "> variant of the form:\n" ">\n" - "> security.foo at uid=15000\n" + "> security.foo(a)uid=15000\n" ">\n" "> It's not like there will be:\n" ">\n" - "> security.foo at uid=1000\n" - "> security.foo at uid=2000\n" + "> security.foo(a)uid=1000\n" + "> security.foo(a)uid=2000\n" ">\n" "> Except.... if you have an Distribution root directory which is shared\n" "> by many containers, you would need to put the xattrs in the overlay\n" @@ -48,7 +40,7 @@ "> capability with the global uid 0 should be used for the container\n" "> \"root\" uid, right?\n" ">\n" - "> So this hack of using security.foo at uid=1000 is *only* useful when the\n" + "> So this hack of using security.foo(a)uid=1000 is *only* useful when the\n" "> subcontainer root wants to create the privileged executable. You\n" "> still have to do things the other way.\n" ">\n" @@ -58,7 +50,7 @@ ">\n" "> exists, *or*\n" ">\n" - "> security.foo at uid=BAR\n" + "> security.foo(a)uid=BAR\n" ">\n" "> exists, but never both? And there BAR is exclusive to only one\n" "> instances?\n" @@ -80,10 +72,6 @@ "I want to see what Serge and Stefan have to say but the case looks\n" "pretty clear cut at the moment.\n" "\n" - "Eric\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Eric -b75a4bc049cefe7c78f87f1af34b83602539eb8c46d586b5a13502c17008d2b5 +29a257bde0fa519a0cfdccd940c37a07d0dc52159b0b86a5d09be88eb996112c
diff --git a/a/1.txt b/N2/1.txt index 09975f2..7d75978 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -14,12 +14,12 @@ Theodore Ts'o <tytso@mit.edu> writes: > So correct me if I am wrong; in general, there will only be one > variant of the form: > -> security.foo at uid=15000 +> security.foo@uid=15000 > > It's not like there will be: > -> security.foo at uid=1000 -> security.foo at uid=2000 +> security.foo@uid=1000 +> security.foo@uid=2000 > > Except.... if you have an Distribution root directory which is shared > by many containers, you would need to put the xattrs in the overlay @@ -33,7 +33,7 @@ Theodore Ts'o <tytso@mit.edu> writes: > capability with the global uid 0 should be used for the container > "root" uid, right? > -> So this hack of using security.foo at uid=1000 is *only* useful when the +> So this hack of using security.foo@uid=1000 is *only* useful when the > subcontainer root wants to create the privileged executable. You > still have to do things the other way. > @@ -43,7 +43,7 @@ Theodore Ts'o <tytso@mit.edu> writes: > > exists, *or* > -> security.foo at uid=BAR +> security.foo@uid=BAR > > exists, but never both? And there BAR is exclusive to only one > instances? @@ -66,7 +66,3 @@ I want to see what Serge and Stefan have to say but the case looks pretty clear cut at the moment. Eric --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index f34b201..6e3b36c 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -8,9 +8,22 @@ "ref\087y3rscz9j.fsf@xmission.com\0" "ref\020170713164012.brj2flnkaaks2oci@thunk.org\0" "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0" + "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Thu, 13 Jul 2017 12:14:11 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Theodore Ts'o <tytso@mit.edu>\0" + "Cc\0Stefan Berger <stefanb@linux.vnet.ibm.com>" + Serge E. Hallyn <serge@hallyn.com> + containers@lists.linux-foundation.org + lkp@01.org + linux-kernel@vger.kernel.org + zohar@linux.vnet.ibm.com + tycho@docker.com + James.Bottomley@hansenpartnership.com + vgoyal@redhat.com + christian.brauner@mailbox.org + amir73il@gmail.com + linux-security-module@vger.kernel.org + " casey@schaufler-ca.com\0" "\00:1\0" "b\0" "Theodore Ts'o <tytso@mit.edu> writes:\n" @@ -29,12 +42,12 @@ "> So correct me if I am wrong; in general, there will only be one\n" "> variant of the form:\n" ">\n" - "> security.foo at uid=15000\n" + "> security.foo@uid=15000\n" ">\n" "> It's not like there will be:\n" ">\n" - "> security.foo at uid=1000\n" - "> security.foo at uid=2000\n" + "> security.foo@uid=1000\n" + "> security.foo@uid=2000\n" ">\n" "> Except.... if you have an Distribution root directory which is shared\n" "> by many containers, you would need to put the xattrs in the overlay\n" @@ -48,7 +61,7 @@ "> capability with the global uid 0 should be used for the container\n" "> \"root\" uid, right?\n" ">\n" - "> So this hack of using security.foo at uid=1000 is *only* useful when the\n" + "> So this hack of using security.foo@uid=1000 is *only* useful when the\n" "> subcontainer root wants to create the privileged executable. You\n" "> still have to do things the other way.\n" ">\n" @@ -58,7 +71,7 @@ ">\n" "> exists, *or*\n" ">\n" - "> security.foo at uid=BAR\n" + "> security.foo@uid=BAR\n" ">\n" "> exists, but never both? And there BAR is exclusive to only one\n" "> instances?\n" @@ -80,10 +93,6 @@ "I want to see what Serge and Stefan have to say but the case looks\n" "pretty clear cut at the moment.\n" "\n" - "Eric\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Eric -b75a4bc049cefe7c78f87f1af34b83602539eb8c46d586b5a13502c17008d2b5 +b856476bfc0aaf998eae334445ead0067537994483a38085db17ea537951065a
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.