diff for duplicates of <87mv89iy7q.fsf@xmission.com>
diff --git a/a/1.txt b/N1/1.txt
index 63124cf..c195a8d 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -12,27 +12,27 @@ Stefan Berger <"Stefan Bergerstefanb"@linux.vnet.ibm.com> writes:
 > Reading of extended attributes:
 >
 > 1a) Reading security.foo from a user namespace will read
-> security.foo at uid=<uid> of the parent user namespace instead with uid
+> security.foo(a)uid=<uid> of the parent user namespace instead with uid
 > being the mapping of root in that parent user namespace. An
 > exception is if root is mapped to uid 0 on the host, and in this case
 > we will read security.foo directly.
-> --> reading security.foo will read security.foo at uid=1000 for uid
+> --> reading security.foo will read security.foo(a)uid=1000 for uid
 > mapping of root to 1000.
 >
-> 1b) If security.foo at uid=<uid> is not available, the security.foo of the
+> 1b) If security.foo(a)uid=<uid> is not available, the security.foo of the
 > parent namespace is tried to be read. This procedure is repeated up to
 > the init user namespace. This step only applies for reading of extended
 > attributes and provides the same behavior as older system where the
 > host's extended attributes applied to user namespaces.
 >
-> 2) All security.foo at uid=<uid> with valid uid mapping in the user namespace
+> 2) All security.foo(a)uid=<uid> with valid uid mapping in the user namespace
 > can be read. The uid within the user namespace will be mapped to the
 > corresponding uid on the host and that uid will be used in the name of
 > the extended attribute.
-> -> reading security.foo at uid=1 will read security.foo at uid=1001 for uid
+> -> reading security.foo(a)uid=1 will read security.foo(a)uid=1001 for uid
 > mapping of root to 1000, size of at least 2.
 >
-> All security.foo at uid=<uid> can be read (by root) on the host with values
+> All security.foo(a)uid=<uid> can be read (by root) on the host with values
 > of <uid> also being subject to checking for valid mappings.
 >
 > 3) No other security.foo* can be read.
@@ -44,8 +44,8 @@ Stefan Berger <"Stefan Bergerstefanb"@linux.vnet.ibm.com> writes:
 > to the user namespace that have a valid mapping. Besides that, names
 > of the extended attributes are adjusted to represent the mapping.
 > This means that if root is mapped to uid 1000 on the host, the
-> security.foo at uid=1000 will be listed as security.foo in the user
-> namespace, security.foo at uid=1001 becomes security.foo at uid=1 and so on.
+> security.foo(a)uid=1000 will be listed as security.foo in the user
+> namespace, security.foo(a)uid=1001 becomes security.foo(a)uid=1 and so on.
 >
 > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
 > Signed-off-by: Serge Hallyn <serge@hallyn.com>
@@ -119,7 +119,7 @@ Eric
 > +}
 > +
 > +/*
-> + * xattr_write_uid - print a string in the format of "%s at uid=%u", which
+> + * xattr_write_uid - print a string in the format of "%s(a)uid=%u", which
 > + * includes a prefix string
 > + *
 > + * @uid: the uid
@@ -145,7 +145,7 @@ Eric
 > + if (uid == 0)
 > + *buffer = 0;
 > + else
-> + sprintf(buffer, "%s at uid=%u",
+> + sprintf(buffer, "%s(a)uid=%u",
 > + (prefix) ? prefix : "",
 > + uid);
 > +
@@ -387,27 +387,27 @@ Eric
 > + *
 > + * Reading:
 > + * 1a) Reading security.foo from a user namespace will read
-> + * security.foo at uid=<uid> of the parent user namespace instead with uid
+> + * security.foo(a)uid=<uid> of the parent user namespace instead with uid
 > + * being the mapping of root in that parent user namespace. An
 > + * exception is if root is mapped to uid 0 on the host, and in this case
 > + * we will read security.foo directly.
-> + * -> reading security.foo will read security.foo at uid=1000 for a uid
+> + * -> reading security.foo will read security.foo(a)uid=1000 for a uid
 > + * mapping of root to 1000.
 > + *
-> + * 1b) If security.foo at uid=<uid> is not available, the security.foo of the
+> + * 1b) If security.foo(a)uid=<uid> is not available, the security.foo of the
 > + * parent namespace is tried to be read. This procedure is repeated up to
 > + * the init user namespace. This step only applies for reading of extended
 > + * attributes and provides the same behavior as older systems where the
 > + * host's extended attributes applied to user namespaces.
 > + *
-> + * 2) All security.foo at uid=<uid> with valid uid mappings in the user namespace
+> + * 2) All security.foo(a)uid=<uid> with valid uid mappings in the user namespace
 > + * an be read. The uid within the user namespace will be mapped to the
 > + * corresponding uid on the host and that uid will be used in the name of
 > + * the extended attribute.
-> + * -> reading security.foo at uid=1 will read security.foo at uid=1001 for a uid
+> + * -> reading security.foo(a)uid=1 will read security.foo(a)uid=1001 for a uid
 > + * mapping of root to 1000, size of at least 2.
 > + *
-> + * All security.foo at uid=<uid> can be read (by root) on the host with values
+> + * All security.foo(a)uid=<uid> can be read (by root) on the host with values
 > + * of <uid> also being subject to checking for valid mappings.
 > + *
 > + * 3) No other security.foo* can be read.
@@ -434,7 +434,7 @@ Eric
 > + if (idx < 0)
 > + goto out_copy;
 > +
-> + /* read security.foo? --> read security.foo at uid=<uid> instead */
+> + /* read security.foo? --> read security.foo(a)uid=<uid> instead */
 > + len = strlen(userns_xattrs[idx]);
 > + if (name[len] == 0) {
 > + /*
@@ -714,7 +714,3 @@ Eric
 > return -EPERM;
 > } else if (!capable(CAP_SYS_ADMIN)) {
 > /* A different attribute in the security namespace.
---
-To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
-the body of a message to majordomo at vger.kernel.org
-More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/a/content_digest b/N1/content_digest
index cfe2e3e..5c60e02 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -1,10 +1,9 @@
- "ref\01499785511-17192-1-git-send-email-stefanb@linux.vnet.ibm.com\0"
  "ref\01499785511-17192-2-git-send-email-stefanb@linux.vnet.ibm.com\0"
- "From\0ebiederm@xmission.com (Eric W. Biederman)\0"
- "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0"
+ "From\0Eric W. Biederman <ebiederm@xmission.com>\0"
+ "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0"
  "Date\0Wed, 12 Jul 2017 08:25:29 -0500\0"
- "To\0linux-security-module@vger.kernel.org\0"
- "\00:1\0"
+ "To\0lkp@lists.01.org\0"
+ "\01:1\0"
  "b\0"
  "Stefan Berger <\"Stefan Bergerstefanb\"@linux.vnet.ibm.com> writes:\n"
  "\n"
@@ -20,27 +19,27 @@
  "> Reading of extended attributes:\n"
  ">\n"
  "> 1a) Reading security.foo from a user namespace will read\n"
- "> security.foo at uid=<uid> of the parent user namespace instead with uid\n"
+ "> security.foo(a)uid=<uid> of the parent user namespace instead with uid\n"
  "> being the mapping of root in that parent user namespace. An\n"
  "> exception is if root is mapped to uid 0 on the host, and in this case\n"
  "> we will read security.foo directly.\n"
- "> --> reading security.foo will read security.foo at uid=1000 for uid\n"
+ "> --> reading security.foo will read security.foo(a)uid=1000 for uid\n"
  "> mapping of root to 1000.\n"
  ">\n"
- "> 1b) If security.foo at uid=<uid> is not available, the security.foo of the\n"
+ "> 1b) If security.foo(a)uid=<uid> is not available, the security.foo of the\n"
  "> parent namespace is tried to be read. This procedure is repeated up to\n"
  "> the init user namespace. This step only applies for reading of extended\n"
  "> attributes and provides the same behavior as older system where the\n"
  "> host's extended attributes applied to user namespaces.\n"
  ">\n"
- "> 2) All security.foo at uid=<uid> with valid uid mapping in the user namespace\n"
+ "> 2) All security.foo(a)uid=<uid> with valid uid mapping in the user namespace\n"
  "> can be read. The uid within the user namespace will be mapped to the\n"
  "> corresponding uid on the host and that uid will be used in the name of\n"
  "> the extended attribute.\n"
- "> -> reading security.foo at uid=1 will read security.foo at uid=1001 for uid\n"
+ "> -> reading security.foo(a)uid=1 will read security.foo(a)uid=1001 for uid\n"
  "> mapping of root to 1000, size of at least 2.\n"
  ">\n"
- "> All security.foo at uid=<uid> can be read (by root) on the host with values\n"
+ "> All security.foo(a)uid=<uid> can be read (by root) on the host with values\n"
  "> of <uid> also being subject to checking for valid mappings.\n"
  ">\n"
  "> 3) No other security.foo* can be read.\n"
@@ -52,8 +51,8 @@
  "> to the user namespace that have a valid mapping. Besides that, names\n"
  "> of the extended attributes are adjusted to represent the mapping.\n"
  "> This means that if root is mapped to uid 1000 on the host, the\n"
- "> security.foo at uid=1000 will be listed as security.foo in the user\n"
- "> namespace, security.foo at uid=1001 becomes security.foo at uid=1 and so on.\n"
+ "> security.foo(a)uid=1000 will be listed as security.foo in the user\n"
+ "> namespace, security.foo(a)uid=1001 becomes security.foo(a)uid=1 and so on.\n"
  ">\n"
  "> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>\n"
  "> Signed-off-by: Serge Hallyn <serge@hallyn.com>\n"
@@ -127,7 +126,7 @@
  "> +}\n"
  "> +\n"
  "> +/*\n"
- "> + * xattr_write_uid - print a string in the format of \"%s at uid=%u\", which\n"
+ "> + * xattr_write_uid - print a string in the format of \"%s(a)uid=%u\", which\n"
  "> + * includes a prefix string\n"
  "> + *\n"
  "> + * @uid: the uid\n"
@@ -153,7 +152,7 @@
  "> +\tif (uid == 0)\n"
  "> +\t\t*buffer = 0;\n"
  "> +\telse\n"
- "> +\t\tsprintf(buffer, \"%s at uid=%u\",\n"
+ "> +\t\tsprintf(buffer, \"%s(a)uid=%u\",\n"
  "> +\t\t\t(prefix) ? prefix : \"\",\n"
  "> +\t\t\tuid);\n"
  "> +\n"
@@ -395,27 +394,27 @@
  "> + *\n"
  "> + * Reading:\n"
  "> + * 1a) Reading security.foo from a user namespace will read\n"
- "> + * security.foo at uid=<uid> of the parent user namespace instead with uid\n"
+ "> + * security.foo(a)uid=<uid> of the parent user namespace instead with uid\n"
  "> + * being the mapping of root in that parent user namespace. An\n"
  "> + * exception is if root is mapped to uid 0 on the host, and in this case\n"
  "> + * we will read security.foo directly.\n"
- "> + * -> reading security.foo will read security.foo at uid=1000 for a uid\n"
+ "> + * -> reading security.foo will read security.foo(a)uid=1000 for a uid\n"
  "> + * mapping of root to 1000.\n"
  "> + *\n"
- "> + * 1b) If security.foo at uid=<uid> is not available, the security.foo of the\n"
+ "> + * 1b) If security.foo(a)uid=<uid> is not available, the security.foo of the\n"
  "> + * parent namespace is tried to be read. This procedure is repeated up to\n"
  "> + * the init user namespace. This step only applies for reading of extended\n"
  "> + * attributes and provides the same behavior as older systems where the\n"
  "> + * host's extended attributes applied to user namespaces.\n"
  "> + *\n"
- "> + * 2) All security.foo at uid=<uid> with valid uid mappings in the user namespace\n"
+ "> + * 2) All security.foo(a)uid=<uid> with valid uid mappings in the user namespace\n"
  "> + * an be read. The uid within the user namespace will be mapped to the\n"
  "> + * corresponding uid on the host and that uid will be used in the name of\n"
  "> + * the extended attribute.\n"
- "> + * -> reading security.foo at uid=1 will read security.foo at uid=1001 for a uid\n"
+ "> + * -> reading security.foo(a)uid=1 will read security.foo(a)uid=1001 for a uid\n"
  "> + * mapping of root to 1000, size of at least 2.\n"
  "> + *\n"
- "> + * All security.foo at uid=<uid> can be read (by root) on the host with values\n"
+ "> + * All security.foo(a)uid=<uid> can be read (by root) on the host with values\n"
  "> + * of <uid> also being subject to checking for valid mappings.\n"
  "> + *\n"
  "> + * 3) No other security.foo* can be read.\n"
@@ -442,7 +441,7 @@
  "> +\tif (idx < 0)\n"
  "> +\t\tgoto out_copy;\n"
  "> +\n"
- "> +\t/* read security.foo? --> read security.foo at uid=<uid> instead */\n"
+ "> +\t/* read security.foo? --> read security.foo(a)uid=<uid> instead */\n"
  "> +\tlen = strlen(userns_xattrs[idx]);\n"
  "> +\tif (name[len] == 0) {\n"
  "> +\t\t/*\n"
@@ -721,10 +720,6 @@
  "> +\t\t\tif (!capable_wrt_inode_uidgid(inode, CAP_SETFCAP))\n"
  "> \t\t\t\treturn -EPERM;\n"
  "> \t\t} else if (!capable(CAP_SYS_ADMIN)) {\n"
- "> \t\t\t/* A different attribute in the security namespace.\n"
- "--\n"
- "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n"
- "the body of a message to majordomo at vger.kernel.org\n"
- More majordomo info at http://vger.kernel.org/majordomo-info.html
+ "> \t\t\t/* A different attribute in the security namespace."
-20edb050508a28fc5dd6e0f7abb2999a97dbe9559322f96146baad5678030af7
+40c10396b00839726711af61986ca191ff3e1eeff307defc82fca73b96da0fd6
diff --git a/a/1.txt b/N2/1.txt
index 63124cf..7ad30e8 100644
--- a/a/1.txt
+++ b/N2/1.txt
@@ -12,27 +12,27 @@ Stefan Berger <"Stefan Bergerstefanb"@linux.vnet.ibm.com> writes:
 > Reading of extended attributes:
 >
 > 1a) Reading security.foo from a user namespace will read
-> security.foo at uid=<uid> of the parent user namespace instead with uid
+> security.foo@uid=<uid> of the parent user namespace instead with uid
 > being the mapping of root in that parent user namespace. An
 > exception is if root is mapped to uid 0 on the host, and in this case
 > we will read security.foo directly.
-> --> reading security.foo will read security.foo at uid=1000 for uid
+> --> reading security.foo will read security.foo@uid=1000 for uid
 > mapping of root to 1000.
 >
-> 1b) If security.foo at uid=<uid> is not available, the security.foo of the
+> 1b) If security.foo@uid=<uid> is not available, the security.foo of the
 > parent namespace is tried to be read. This procedure is repeated up to
 > the init user namespace. This step only applies for reading of extended
 > attributes and provides the same behavior as older system where the
 > host's extended attributes applied to user namespaces.
 >
-> 2) All security.foo at uid=<uid> with valid uid mapping in the user namespace
+> 2) All security.foo@uid=<uid> with valid uid mapping in the user namespace
 > can be read. The uid within the user namespace will be mapped to the
 > corresponding uid on the host and that uid will be used in the name of
 > the extended attribute.
-> -> reading security.foo at uid=1 will read security.foo at uid=1001 for uid
+> -> reading security.foo@uid=1 will read security.foo@uid=1001 for uid
 > mapping of root to 1000, size of at least 2.
 >
-> All security.foo at uid=<uid> can be read (by root) on the host with values
+> All security.foo@uid=<uid> can be read (by root) on the host with values
 > of <uid> also being subject to checking for valid mappings.
 >
 > 3) No other security.foo* can be read.
@@ -44,8 +44,8 @@ Stefan Berger <"Stefan Bergerstefanb"@linux.vnet.ibm.com> writes:
 > to the user namespace that have a valid mapping. Besides that, names
 > of the extended attributes are adjusted to represent the mapping.
 > This means that if root is mapped to uid 1000 on the host, the
-> security.foo at uid=1000 will be listed as security.foo in the user
-> namespace, security.foo at uid=1001 becomes security.foo at uid=1 and so on.
+> security.foo@uid=1000 will be listed as security.foo in the user
+> namespace, security.foo@uid=1001 becomes security.foo@uid=1 and so on.
 >
 > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
 > Signed-off-by: Serge Hallyn <serge@hallyn.com>
@@ -119,7 +119,7 @@ Eric
 > +}
 > +
 > +/*
-> + * xattr_write_uid - print a string in the format of "%s at uid=%u", which
+> + * xattr_write_uid - print a string in the format of "%s@uid=%u", which
 > + * includes a prefix string
 > + *
 > + * @uid: the uid
@@ -145,7 +145,7 @@ Eric
 > + if (uid == 0)
 > + *buffer = 0;
 > + else
-> + sprintf(buffer, "%s at uid=%u",
+> + sprintf(buffer, "%s@uid=%u",
 > + (prefix) ? prefix : "",
 > + uid);
 > +
@@ -387,27 +387,27 @@ Eric
 > + *
 > + * Reading:
 > + * 1a) Reading security.foo from a user namespace will read
-> + * security.foo at uid=<uid> of the parent user namespace instead with uid
+> + * security.foo@uid=<uid> of the parent user namespace instead with uid
 > + * being the mapping of root in that parent user namespace. An
 > + * exception is if root is mapped to uid 0 on the host, and in this case
 > + * we will read security.foo directly.
-> + * -> reading security.foo will read security.foo at uid=1000 for a uid
+> + * -> reading security.foo will read security.foo@uid=1000 for a uid
 > + * mapping of root to 1000.
 > + *
-> + * 1b) If security.foo at uid=<uid> is not available, the security.foo of the
+> + * 1b) If security.foo@uid=<uid> is not available, the security.foo of the
 > + * parent namespace is tried to be read. This procedure is repeated up to
 > + * the init user namespace. This step only applies for reading of extended
 > + * attributes and provides the same behavior as older systems where the
 > + * host's extended attributes applied to user namespaces.
 > + *
-> + * 2) All security.foo at uid=<uid> with valid uid mappings in the user namespace
+> + * 2) All security.foo@uid=<uid> with valid uid mappings in the user namespace
 > + * an be read. The uid within the user namespace will be mapped to the
 > + * corresponding uid on the host and that uid will be used in the name of
 > + * the extended attribute.
-> + * -> reading security.foo at uid=1 will read security.foo at uid=1001 for a uid
+> + * -> reading security.foo@uid=1 will read security.foo@uid=1001 for a uid
 > + * mapping of root to 1000, size of at least 2.
 > + *
-> + * All security.foo at uid=<uid> can be read (by root) on the host with values
+> + * All security.foo@uid=<uid> can be read (by root) on the host with values
 > + * of <uid> also being subject to checking for valid mappings.
 > + *
 > + * 3) No other security.foo* can be read.
@@ -434,7 +434,7 @@ Eric
 > + if (idx < 0)
 > + goto out_copy;
 > +
-> + /* read security.foo? --> read security.foo at uid=<uid> instead */
+> + /* read security.foo? --> read security.foo@uid=<uid> instead */
 > + len = strlen(userns_xattrs[idx]);
 > + if (name[len] == 0) {
 > + /*
@@ -714,7 +714,3 @@ Eric
 > return -EPERM;
 > } else if (!capable(CAP_SYS_ADMIN)) {
 > /* A different attribute in the security namespace.
---
-To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
-the body of a message to majordomo at vger.kernel.org
-More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/a/content_digest b/N2/content_digest
index cfe2e3e..dfe4eef 100644
--- a/a/content_digest
+++ b/N2/content_digest
@@ -1,9 +1,22 @@
  "ref\01499785511-17192-1-git-send-email-stefanb@linux.vnet.ibm.com\0"
  "ref\01499785511-17192-2-git-send-email-stefanb@linux.vnet.ibm.com\0"
  "From\0ebiederm@xmission.com (Eric W. Biederman)\0"
- "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0"
+ "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0"
  "Date\0Wed, 12 Jul 2017 08:25:29 -0500\0"
- "To\0linux-security-module@vger.kernel.org\0"
+ "To\0Stefan Berger <stefanb@linux.vnet.ibm.com>\0"
+ "Cc\0containers@lists.linux-foundation.org"
+ lkp@01.org
+ linux-kernel@vger.kernel.org
+ zohar@linux.vnet.ibm.com
+ tycho@docker.com
+ serge@hallyn.com
+ James.Bottomley@hansenpartnership.com
+ vgoyal@redhat.com
+ christian.brauner@mailbox.org
+ amir73il@gmail.com
+ linux-security-module@vger.kernel.org
+ casey@schaufler-ca.com
+ " Stefan Berger <stefanb@linux.vnet.ibm.com>\0"
  "\00:1\0"
  "b\0"
  "Stefan Berger <\"Stefan Bergerstefanb\"@linux.vnet.ibm.com> writes:\n"
@@ -20,27 +33,27 @@
  "> Reading of extended attributes:\n"
  ">\n"
  "> 1a) Reading security.foo from a user namespace will read\n"
- "> security.foo at uid=<uid> of the parent user namespace instead with uid\n"
+ "> security.foo@uid=<uid> of the parent user namespace instead with uid\n"
  "> being the mapping of root in that parent user namespace. An\n"
  "> exception is if root is mapped to uid 0 on the host, and in this case\n"
  "> we will read security.foo directly.\n"
- "> --> reading security.foo will read security.foo at uid=1000 for uid\n"
+ "> --> reading security.foo will read security.foo@uid=1000 for uid\n"
  "> mapping of root to 1000.\n"
  ">\n"
- "> 1b) If security.foo at uid=<uid> is not available, the security.foo of the\n"
+ "> 1b) If security.foo@uid=<uid> is not available, the security.foo of the\n"
  "> parent namespace is tried to be read. This procedure is repeated up to\n"
  "> the init user namespace. This step only applies for reading of extended\n"
  "> attributes and provides the same behavior as older system where the\n"
  "> host's extended attributes applied to user namespaces.\n"
  ">\n"
- "> 2) All security.foo at uid=<uid> with valid uid mapping in the user namespace\n"
+ "> 2) All security.foo@uid=<uid> with valid uid mapping in the user namespace\n"
  "> can be read. The uid within the user namespace will be mapped to the\n"
  "> corresponding uid on the host and that uid will be used in the name of\n"
  "> the extended attribute.\n"
- "> -> reading security.foo at uid=1 will read security.foo at uid=1001 for uid\n"
+ "> -> reading security.foo@uid=1 will read security.foo@uid=1001 for uid\n"
  "> mapping of root to 1000, size of at least 2.\n"
  ">\n"
- "> All security.foo at uid=<uid> can be read (by root) on the host with values\n"
+ "> All security.foo@uid=<uid> can be read (by root) on the host with values\n"
  "> of <uid> also being subject to checking for valid mappings.\n"
  ">\n"
  "> 3) No other security.foo* can be read.\n"
@@ -52,8 +65,8 @@
  "> to the user namespace that have a valid mapping. Besides that, names\n"
  "> of the extended attributes are adjusted to represent the mapping.\n"
  "> This means that if root is mapped to uid 1000 on the host, the\n"
- "> security.foo at uid=1000 will be listed as security.foo in the user\n"
- "> namespace, security.foo at uid=1001 becomes security.foo at uid=1 and so on.\n"
+ "> security.foo@uid=1000 will be listed as security.foo in the user\n"
+ "> namespace, security.foo@uid=1001 becomes security.foo@uid=1 and so on.\n"
  ">\n"
  "> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>\n"
  "> Signed-off-by: Serge Hallyn <serge@hallyn.com>\n"
@@ -127,7 +140,7 @@
  "> +}\n"
  "> +\n"
  "> +/*\n"
- "> + * xattr_write_uid - print a string in the format of \"%s at uid=%u\", which\n"
+ "> + * xattr_write_uid - print a string in the format of \"%s@uid=%u\", which\n"
  "> + * includes a prefix string\n"
  "> + *\n"
  "> + * @uid: the uid\n"
@@ -153,7 +166,7 @@
  "> +\tif (uid == 0)\n"
  "> +\t\t*buffer = 0;\n"
  "> +\telse\n"
- "> +\t\tsprintf(buffer, \"%s at uid=%u\",\n"
+ "> +\t\tsprintf(buffer, \"%s@uid=%u\",\n"
  "> +\t\t\t(prefix) ? prefix : \"\",\n"
  "> +\t\t\tuid);\n"
  "> +\n"
@@ -395,27 +408,27 @@
  "> + *\n"
  "> + * Reading:\n"
  "> + * 1a) Reading security.foo from a user namespace will read\n"
- "> + * security.foo at uid=<uid> of the parent user namespace instead with uid\n"
+ "> + * security.foo@uid=<uid> of the parent user namespace instead with uid\n"
  "> + * being the mapping of root in that parent user namespace. An\n"
  "> + * exception is if root is mapped to uid 0 on the host, and in this case\n"
  "> + * we will read security.foo directly.\n"
- "> + * -> reading security.foo will read security.foo at uid=1000 for a uid\n"
+ "> + * -> reading security.foo will read security.foo@uid=1000 for a uid\n"
  "> + * mapping of root to 1000.\n"
  "> + *\n"
- "> + * 1b) If security.foo at uid=<uid> is not available, the security.foo of the\n"
+ "> + * 1b) If security.foo@uid=<uid> is not available, the security.foo of the\n"
  "> + * parent namespace is tried to be read. This procedure is repeated up to\n"
  "> + * the init user namespace. This step only applies for reading of extended\n"
  "> + * attributes and provides the same behavior as older systems where the\n"
  "> + * host's extended attributes applied to user namespaces.\n"
  "> + *\n"
- "> + * 2) All security.foo at uid=<uid> with valid uid mappings in the user namespace\n"
+ "> + * 2) All security.foo@uid=<uid> with valid uid mappings in the user namespace\n"
  "> + * an be read. The uid within the user namespace will be mapped to the\n"
  "> + * corresponding uid on the host and that uid will be used in the name of\n"
  "> + * the extended attribute.\n"
- "> + * -> reading security.foo at uid=1 will read security.foo at uid=1001 for a uid\n"
+ "> + * -> reading security.foo@uid=1 will read security.foo@uid=1001 for a uid\n"
  "> + * mapping of root to 1000, size of at least 2.\n"
  "> + *\n"
- "> + * All security.foo at uid=<uid> can be read (by root) on the host with values\n"
+ "> + * All security.foo@uid=<uid> can be read (by root) on the host with values\n"
  "> + * of <uid> also being subject to checking for valid mappings.\n"
  "> + *\n"
  "> + * 3) No other security.foo* can be read.\n"
@@ -442,7 +455,7 @@
  "> +\tif (idx < 0)\n"
  "> +\t\tgoto out_copy;\n"
  "> +\n"
- "> +\t/* read security.foo? --> read security.foo at uid=<uid> instead */\n"
+ "> +\t/* read security.foo? --> read security.foo@uid=<uid> instead */\n"
  "> +\tlen = strlen(userns_xattrs[idx]);\n"
  "> +\tif (name[len] == 0) {\n"
  "> +\t\t/*\n"
@@ -721,10 +734,6 @@
  "> +\t\t\tif (!capable_wrt_inode_uidgid(inode, CAP_SETFCAP))\n"
  "> \t\t\t\treturn -EPERM;\n"
  "> \t\t} else if (!capable(CAP_SYS_ADMIN)) {\n"
- "> \t\t\t/* A different attribute in the security namespace.\n"
- "--\n"
- "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n"
- "the body of a message to majordomo at vger.kernel.org\n"
- More majordomo info at http://vger.kernel.org/majordomo-info.html
+ "> \t\t\t/* A different attribute in the security namespace."
-20edb050508a28fc5dd6e0f7abb2999a97dbe9559322f96146baad5678030af7
+d9e75e178dfc835a5457a131d6b84196854886d8f0696b813307387b7cf1a6b4