diff for duplicates of <87mv886ny2.fsf@xmission.com> diff --git a/a/1.txt b/N1/1.txt index 0fc1667..1e1e95d 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,6 +1,6 @@ "Serge E. Hallyn" <serge@hallyn.com> writes: -> Quoting Eric W. Biederman (ebiederm at xmission.com): +> Quoting Eric W. Biederman (ebiederm(a)xmission.com): >> Stefan Berger <stefanb@linux.vnet.ibm.com> writes: >> >> > On 07/13/2017 01:14 PM, Eric W. Biederman wrote: @@ -19,12 +19,12 @@ >> >>> So correct me if I am wrong; in general, there will only be one >> >>> variant of the form: >> >>> ->> >>> security.foo at uid=15000 +>> >>> security.foo(a)uid=15000 >> >>> >> >>> It's not like there will be: >> >>> ->> >>> security.foo at uid=1000 ->> >>> security.foo at uid=2000 +>> >>> security.foo(a)uid=1000 +>> >>> security.foo(a)uid=2000 >> >>> >> >>> Except.... if you have an Distribution root directory which is shared >> >>> by many containers, you would need to put the xattrs in the overlay @@ -38,7 +38,7 @@ >> >>> capability with the global uid 0 should be used for the container >> >>> "root" uid, right? >> >>> ->> >>> So this hack of using security.foo at uid=1000 is *only* useful when the +>> >>> So this hack of using security.foo(a)uid=1000 is *only* useful when the >> >>> subcontainer root wants to create the privileged executable. You >> >>> still have to do things the other way. >> >>> @@ -48,7 +48,7 @@ >> >>> >> >>> exists, *or* >> >>> ->> >>> security.foo at uid=BAR +>> >>> security.foo(a)uid=BAR >> >>> >> >>> exists, but never both? And there BAR is exclusive to only one >> >>> instances? @@ -100,8 +100,3 @@ calculating that security xattr could become time prohibitive. Eric - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 4623a6b..918a7ce 100644 --- a/a/content_digest 
+++ b/N1/content_digest @@ -1,23 +1,13 @@ - "ref\087mv89iy7q.fsf@xmission.com\0" - "ref\020170712170346.GA17974@mail.hallyn.com\0" - "ref\0877ezdgsey.fsf@xmission.com\0" - "ref\074664cc8-bc3e-75d6-5892-f8934404349f@linux.vnet.ibm.com\0" - "ref\020170713011554.xwmrgkzfwnibvgcu@thunk.org\0" - "ref\087y3rscz9j.fsf@xmission.com\0" - "ref\020170713164012.brj2flnkaaks2oci@thunk.org\0" - "ref\087k23cb6os.fsf@xmission.com\0" - "ref\0847ccb2a-30c0-a94c-df6f-091c8901eaa0@linux.vnet.ibm.com\0" - "ref\087bmoo8bxb.fsf@xmission.com\0" "ref\020170713194842.GB4895@mail.hallyn.com\0" - "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0" + "From\0Eric W. Biederman <ebiederm@xmission.com>\0" + "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Thu, 13 Jul 2017 16:12:37 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" - "\00:1\0" + "To\0lkp@lists.01.org\0" + "\01:1\0" "b\0" "\"Serge E. Hallyn\" <serge@hallyn.com> writes:\n" "\n" - "> Quoting Eric W. Biederman (ebiederm at xmission.com):\n" + "> Quoting Eric W. Biederman (ebiederm(a)xmission.com):\n" ">> Stefan Berger <stefanb@linux.vnet.ibm.com> writes:\n" ">> \n" ">> > On 07/13/2017 01:14 PM, Eric W. Biederman wrote:\n" @@ -36,12 +26,12 @@ ">> >>> So correct me if I am wrong; in general, there will only be one\n" ">> >>> variant of the form:\n" ">> >>>\n" - ">> >>> security.foo at uid=15000\n" + ">> >>> security.foo(a)uid=15000\n" ">> >>>\n" ">> >>> It's not like there will be:\n" ">> >>>\n" - ">> >>> security.foo at uid=1000\n" - ">> >>> security.foo at uid=2000\n" + ">> >>> security.foo(a)uid=1000\n" + ">> >>> security.foo(a)uid=2000\n" ">> >>>\n" ">> >>> Except.... if you have an Distribution root directory which is shared\n" ">> >>> by many containers, you would need to put the xattrs in the overlay\n" 
@@ -55,7 +45,7 @@ ">> >>> capability with the global uid 0 should be used for the container\n" ">> >>> \"root\" uid, right?\n" ">> >>>\n" - ">> >>> So this hack of using security.foo at uid=1000 is *only* useful when the\n" + ">> >>> So this hack of using security.foo(a)uid=1000 is *only* useful when the\n" ">> >>> subcontainer root wants to create the privileged executable. You\n" ">> >>> still have to do things the other way.\n" ">> >>>\n" @@ -65,7 +55,7 @@ ">> >>>\n" ">> >>> exists, *or*\n" ">> >>>\n" - ">> >>> security.foo at uid=BAR\n" + ">> >>> security.foo(a)uid=BAR\n" ">> >>>\n" ">> >>> exists, but never both? And there BAR is exclusive to only one\n" ">> >>> instances?\n" @@ -116,11 +106,6 @@ "calculating that security xattr could become time prohibitive.\n" "\n" "\n" - "Eric\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Eric -0a09cbd67b010e80b9eff0e04e7e862b32ae8c19dd04a0ea71bc21d5d4459d8a +4688a553f1bb7afe26eea1ca73a0edcf5fe822fb3a7e30fc9d394219ca0e62b2
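Review bot: In the N1/content_digest hunk at @@ -1,23 +1,13, ten of the eleven "ref" entries are removed (only 20170713194842.GB4895@mail.hallyn.com is kept) and "To" changes from linux-security-module@vger.kernel.org to lkp@lists.01.org, so the N1 copy no longer carries the reference chain back to the earlier messages of the thread. When following or citing this discussion, use a copy that keeps the full "ref" list (a/ or N2), and treat N1 as a relayed duplicate rather than the list delivery.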
diff --git a/a/1.txt b/N2/1.txt index 0fc1667..af8cdb7 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -1,6 +1,6 @@ "Serge E. Hallyn" <serge@hallyn.com> writes: -> Quoting Eric W. Biederman (ebiederm at xmission.com): +> Quoting Eric W. Biederman (ebiederm@xmission.com): >> Stefan Berger <stefanb@linux.vnet.ibm.com> writes: >> >> > On 07/13/2017 01:14 PM, Eric W. Biederman wrote: @@ -19,12 +19,12 @@ >> >>> So correct me if I am wrong; in general, there will only be one >> >>> variant of the form: >> >>> ->> >>> security.foo at uid=15000 +>> >>> security.foo@uid=15000 >> >>> >> >>> It's not like there will be: >> >>> ->> >>> security.foo at uid=1000 ->> >>> security.foo at uid=2000 +>> >>> security.foo@uid=1000 +>> >>> security.foo@uid=2000 >> >>> >> >>> Except.... if you have an Distribution root directory which is shared >> >>> by many containers, you would need to put the xattrs in the overlay @@ -38,7 +38,7 @@ >> >>> capability with the global uid 0 should be used for the container >> >>> "root" uid, right? >> >>> ->> >>> So this hack of using security.foo at uid=1000 is *only* useful when the +>> >>> So this hack of using security.foo@uid=1000 is *only* useful when the >> >>> subcontainer root wants to create the privileged executable. You >> >>> still have to do things the other way. >> >>> @@ -48,7 +48,7 @@ >> >>> >> >>> exists, *or* >> >>> ->> >>> security.foo at uid=BAR +>> >>> security.foo@uid=BAR >> >>> >> >>> exists, but never both? And there BAR is exclusive to only one >> >>> instances? @@ -100,8 +100,3 @@ calculating that security xattr could become time prohibitive. Eric - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index 4623a6b..8eac8a7 100644 --- a/a/content_digest +++ b/N2/content_digest 
@@ -10,14 +10,27 @@ "ref\087bmoo8bxb.fsf@xmission.com\0" "ref\020170713194842.GB4895@mail.hallyn.com\0" "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0" + "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Thu, 13 Jul 2017 16:12:37 -0500\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Serge E. Hallyn <serge@hallyn.com>\0" + "Cc\0Stefan Berger <stefanb@linux.vnet.ibm.com>" + Theodore Ts'o <tytso@mit.edu> + containers@lists.linux-foundation.org + lkp@01.org + linux-kernel@vger.kernel.org + zohar@linux.vnet.ibm.com + tycho@docker.com + James.Bottomley@hansenpartnership.com + vgoyal@redhat.com + christian.brauner@mailbox.org + amir73il@gmail.com + linux-security-module@vger.kernel.org + " casey@schaufler-ca.com\0" "\00:1\0" "b\0" "\"Serge E. Hallyn\" <serge@hallyn.com> writes:\n" "\n" - "> Quoting Eric W. Biederman (ebiederm at xmission.com):\n" + "> Quoting Eric W. Biederman (ebiederm@xmission.com):\n" ">> Stefan Berger <stefanb@linux.vnet.ibm.com> writes:\n" ">> \n" ">> > On 07/13/2017 01:14 PM, Eric W. Biederman wrote:\n" @@ -36,12 +49,12 @@ ">> >>> So correct me if I am wrong; in general, there will only be one\n" ">> >>> variant of the form:\n" ">> >>>\n" - ">> >>> security.foo at uid=15000\n" + ">> >>> security.foo@uid=15000\n" ">> >>>\n" ">> >>> It's not like there will be:\n" ">> >>>\n" - ">> >>> security.foo at uid=1000\n" - ">> >>> security.foo at uid=2000\n" + ">> >>> security.foo@uid=1000\n" + ">> >>> security.foo@uid=2000\n" ">> >>>\n" ">> >>> Except.... if you have an Distribution root directory which is shared\n" ">> >>> by many containers, you would need to put the xattrs in the overlay\n" 
@@ -55,7 +68,7 @@ ">> >>> capability with the global uid 0 should be used for the container\n" ">> >>> \"root\" uid, right?\n" ">> >>>\n" - ">> >>> So this hack of using security.foo at uid=1000 is *only* useful when the\n" + ">> >>> So this hack of using security.foo@uid=1000 is *only* useful when the\n" ">> >>> subcontainer root wants to create the privileged executable. You\n" ">> >>> still have to do things the other way.\n" ">> >>>\n" @@ -65,7 +78,7 @@ ">> >>>\n" ">> >>> exists, *or*\n" ">> >>>\n" - ">> >>> security.foo at uid=BAR\n" + ">> >>> security.foo@uid=BAR\n" ">> >>>\n" ">> >>> exists, but never both? And there BAR is exclusive to only one\n" ">> >>> instances?\n" @@ -116,11 +129,6 @@ "calculating that security xattr could become time prohibitive.\n" "\n" "\n" - "Eric\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Eric -0a09cbd67b010e80b9eff0e04e7e862b32ae8c19dd04a0ea71bc21d5d4459d8a +0e6c79805b94aa09b34cdb92d63dcc0156527297335cf4fc613c7b4d1df4f066
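Review bot: In the 1.txt hunks at @@ -19,12, @@ -38,7 and @@ -48,7, the three copies disagree on the spelling of the xattr name being discussed: a/ has "security.foo at uid=1000", N1 has "security.foo(a)uid=1000", and N2 has "security.foo@uid=1000". The same substitution appears on the e-mail address in the "Quoting Eric W. Biederman" line at @@ -1,6, which suggests address obfuscation reaching into the quoted body rather than a difference in what was proposed. Read the name from the N2 copy, and restrict any obfuscation to header addresses so that identifiers in the message body are not rewritten.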