diff for duplicates of <87lgnqtxhp.fsf@xmission.com> diff --git a/a/1.txt b/N1/1.txt index a5812af..51f1932 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,10 +1,10 @@ Theodore Ts'o <tytso@mit.edu> writes: > On Fri, Jul 14, 2017 at 01:39:59PM -0700, James Bottomley wrote: ->> but why? ?That's partly the point of all of this: some security. +>> but why? That's partly the point of all of this: some security. >> attributes can't be written by container root without some supervision >> (the capability ones are the hugely problematic ones from this point of ->> view), but for some there's no reason they shouldn't be. ?What would be +>> view), but for some there's no reason they shouldn't be. What would be >> the reason that root in a container shouldn't be able to write the ima >> xattr the same as host root could on its filesystem? > @@ -67,14 +67,3 @@ acls are implemented. But I am not going to build generic support for them, and I really don't expect they will be needed. Eric - - - - - - - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 1b5600e..43218f6 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -1,27 +1,17 @@ - "ref\09a3010e5-ca2b-5e7a-656b-fcc14f7bec4e@linux.vnet.ibm.com\0" - "ref\087h8yf7szd.fsf@xmission.com\0" - "ref\065dbe654-0d99-03fa-c838-5a726b462826@linux.vnet.ibm.com\0" - "ref\020170714133437.GA16737@mail.hallyn.com\0" - "ref\0596f808b-e21d-8296-5fef-23c1ce7ab778@linux.vnet.ibm.com\0" - "ref\020170714173556.GA19669@mail.hallyn.com\0" - "ref\01500058090.3583.28.camel@linux.vnet.ibm.com\0" - "ref\01500058362.2853.28.camel@HansenPartnership.com\0" - "ref\01500062619.3583.71.camel@linux.vnet.ibm.com\0" - "ref\01500064799.2853.36.camel@HansenPartnership.com\0" "ref\020170714213449.gtxtkqtxifk5j4wp@thunk.org\0" - "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0" + "From\0Eric W. Biederman <ebiederm@xmission.com>\0" + "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Fri, 14 Jul 2017 18:22:26 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" - "\00:1\0" + "To\0lkp@lists.01.org\0" + "\01:1\0" "b\0" "Theodore Ts'o <tytso@mit.edu> writes:\n" "\n" "> On Fri, Jul 14, 2017 at 01:39:59PM -0700, James Bottomley wrote:\n" - ">> but why? ?That's partly the point of all of this: some security.\n" + ">> but why? \302\240That's partly the point of all of this: some security.\n" ">> attributes can't be written by container root without some supervision\n" ">> (the capability ones are the hugely problematic ones from this point of\n" - ">> view), but for some there's no reason they shouldn't be. ?What would be\n" + ">> view), but for some there's no reason they shouldn't be. \302\240What would be\n" ">> the reason that root in a container shouldn't be able to write the ima\n" ">> xattr the same as host root could on its filesystem?\n" ">\n" 
@@ -83,17 +73,6 @@ "acls are implemented. But I am not going to build generic support for\n" "them, and I really don't expect they will be needed. \n" "\n" - "Eric\n" - "\n" - "\n" - "\n" - "\n" - "\n" - "\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Eric -caec389c927ec889cfec63894049d717b301ea3d8808e138ef47ece25ebc52a6 +5f5454622dd910fe499c449b30bb92b577d96ce2d2b05a468be9238d8560a03c
diff --git a/a/1.txt b/N2/1.txt index a5812af..51f1932 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -1,10 +1,10 @@ Theodore Ts'o <tytso@mit.edu> writes: > On Fri, Jul 14, 2017 at 01:39:59PM -0700, James Bottomley wrote: ->> but why? ?That's partly the point of all of this: some security. +>> but why? That's partly the point of all of this: some security. >> attributes can't be written by container root without some supervision >> (the capability ones are the hugely problematic ones from this point of ->> view), but for some there's no reason they shouldn't be. ?What would be +>> view), but for some there's no reason they shouldn't be. What would be >> the reason that root in a container shouldn't be able to write the ima >> xattr the same as host root could on its filesystem? > @@ -67,14 +67,3 @@ acls are implemented. But I am not going to build generic support for them, and I really don't expect they will be needed. Eric - - - - - - - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index 1b5600e..770c99d 100644 --- a/a/content_digest +++ b/N2/content_digest 
@@ -10,18 +10,28 @@ "ref\01500064799.2853.36.camel@HansenPartnership.com\0" "ref\020170714213449.gtxtkqtxifk5j4wp@thunk.org\0" "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0" + "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Fri, 14 Jul 2017 18:22:26 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Theodore Ts'o <tytso@mit.edu>\0" + "Cc\0James Bottomley <James.Bottomley@hansenpartnership.com>" + Mimi Zohar <zohar@linux.vnet.ibm.com> + Serge E. Hallyn <serge@hallyn.com> + Stefan Berger <stefanb@linux.vnet.ibm.com> + Mimi Zohar <zohar@us.ibm.com> + containers@lists.linux-foundation.org + linux-kernel@vger.kernel.org + linux-security-module@vger.kernel.org + casey@schaufler-ca.com + " lkp@01.org\0" "\00:1\0" "b\0" "Theodore Ts'o <tytso@mit.edu> writes:\n" "\n" "> On Fri, Jul 14, 2017 at 01:39:59PM -0700, James Bottomley wrote:\n" - ">> but why? ?That's partly the point of all of this: some security.\n" + ">> but why? \302\240That's partly the point of all of this: some security.\n" ">> attributes can't be written by container root without some supervision\n" ">> (the capability ones are the hugely problematic ones from this point of\n" - ">> view), but for some there's no reason they shouldn't be. ?What would be\n" + ">> view), but for some there's no reason they shouldn't be. \302\240What would be\n" ">> the reason that root in a container shouldn't be able to write the ima\n" ">> xattr the same as host root could on its filesystem?\n" ">\n" 
@@ -83,17 +93,6 @@ "acls are implemented. But I am not going to build generic support for\n" "them, and I really don't expect they will be needed. \n" "\n" - "Eric\n" - "\n" - "\n" - "\n" - "\n" - "\n" - "\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Eric -caec389c927ec889cfec63894049d717b301ea3d8808e138ef47ece25ebc52a6 +1faab3c4b583d26efaa3690f19d07dee074821d5d975fb8d14e3043962bb1474
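Review bot: the a/ copy is the least faithful of the three, and that shows on the `-` side of the `@@ -1,10 +1,10 @@` hunks for 1.txt, where the quoted text reads "but why? ?That's" and "shouldn't be. ?What". The matching `+` lines in content_digest carry `\302\240` (a UTF-8 non-breaking space) at the same two positions, so the a/ body had those characters replaced by a literal `?` before it was archived. Only the a/ copy also has the appended unsubscribe footer with the rewritten "majordomo at vger.kernel.org" address, the "ebiederm@xmission.com (Eric W. Biederman)" From form in the N1 hunk, and a Subject without "Re:". When quoting or comparing this message, use the N1 or N2 body. The three different digests follow from these header and body differences, so match the copies on the Message-ID in the page title rather than on the digest.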