diff for duplicates of <87vamv2pj0.fsf@xmission.com> diff --git a/a/1.txt b/N1/1.txt index 1933022..efd42ff 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,15 +1,15 @@ -Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> writes: +Stefan Berger <stefanb@linux.vnet.ibm.com> writes: > On 07/13/2017 08:38 PM, Eric W. Biederman wrote: ->> Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> writes: +>> Stefan Berger <stefanb@linux.vnet.ibm.com> writes: >> >>> On 07/13/2017 01:49 PM, Eric W. Biederman wrote: >>> >>>> My big question right now is can you implement Ted's suggested ->>>> restriction. Only one security.foo or secuirty.foo@... attribute ? +>>>> restriction. Only one security.foo or secuirty.foo at ... attribute ? >>> We need to raw-list the xattrs and do the check before writing them. I am fairly sure this can be done. >>> ->>> So now you want to allow security.foo and one security.foo@uid=<> or just a single one security.foo(@[[:print:]]*)? +>>> So now you want to allow security.foo and one security.foo at uid=<> or just a single one security.foo(@[[:print:]]*)? >>> >> The latter. > @@ -33,3 +33,8 @@ make sense. Could you explain that to me? Thank you. Eric + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 723af65..db6f741 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -13,33 +13,24 @@ "ref\09a3010e5-ca2b-5e7a-656b-fcc14f7bec4e@linux.vnet.ibm.com\0" "ref\087h8yf7szd.fsf@xmission.com\0" "ref\065dbe654-0d99-03fa-c838-5a726b462826@linux.vnet.ibm.com\0" - "ref\065dbe654-0d99-03fa-c838-5a726b462826-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org\0" - "From\0ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)\0" - "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" + "From\0ebiederm@xmission.com (Eric W. Biederman)\0" + "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Fri, 14 Jul 2017 07:04:19 -0500\0" - "To\0Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>\0" - "Cc\0Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>" - zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org - containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org - linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org - linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org - " lkp-JC7UmRfGjtg@public.gmane.org\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" - "Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> writes:\n" + "Stefan Berger <stefanb@linux.vnet.ibm.com> writes:\n" "\n" "> On 07/13/2017 08:38 PM, Eric W. Biederman wrote:\n" - ">> Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> writes:\n" + ">> Stefan Berger <stefanb@linux.vnet.ibm.com> writes:\n" ">>\n" ">>> On 07/13/2017 01:49 PM, Eric W. Biederman wrote:\n" ">>>\n" ">>>> My big question right now is can you implement Ted's suggested\n" - ">>>> restriction. Only one security.foo or secuirty.foo@... attribute ?\n" + ">>>> restriction. Only one security.foo or secuirty.foo at ... attribute ?\n" ">>> We need to raw-list the xattrs and do the check before writing them. I am fairly sure this can be done.\n" ">>>\n" - ">>> So now you want to allow security.foo and one security.foo@uid=<> or just a single one security.foo(@[[:print:]]*)?\n" + ">>> So now you want to allow security.foo and one security.foo at uid=<> or just a single one security.foo(@[[:print:]]*)?\n" ">>>\n" ">> The latter.\n" ">\n" @@ -62,6 +53,11 @@ "\n" "Thank you.\n" "\n" - Eric + "Eric\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -46a9aab1ef26fbd9734fb811d9be2a176323ef60cfbc1f519bb541178776bc2c +77e524304169c2a8d5f3d3f908e9a8dfd74090c606b82f1ea7faaf7e68a43e58
diff --git a/a/1.txt b/N2/1.txt index 1933022..f82859a 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -1,15 +1,15 @@ -Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> writes: +Stefan Berger <stefanb@linux.vnet.ibm.com> writes: > On 07/13/2017 08:38 PM, Eric W. Biederman wrote: ->> Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> writes: +>> Stefan Berger <stefanb@linux.vnet.ibm.com> writes: >> >>> On 07/13/2017 01:49 PM, Eric W. Biederman wrote: >>> >>>> My big question right now is can you implement Ted's suggested ->>>> restriction. Only one security.foo or secuirty.foo@... attribute ? +>>>> restriction. Only one security.foo or secuirty.foo(a)... attribute ? >>> We need to raw-list the xattrs and do the check before writing them. I am fairly sure this can be done. >>> ->>> So now you want to allow security.foo and one security.foo@uid=<> or just a single one security.foo(@[[:print:]]*)? +>>> So now you want to allow security.foo and one security.foo(a)uid=<> or just a single one security.foo(@[[:print:]]*)? >>> >> The latter. > diff --git a/a/content_digest b/N2/content_digest index 723af65..8570198 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -1,45 +1,22 @@ - "ref\01499785511-17192-1-git-send-email-stefanb@linux.vnet.ibm.com\0" - "ref\01499785511-17192-2-git-send-email-stefanb@linux.vnet.ibm.com\0" - "ref\087mv89iy7q.fsf@xmission.com\0" - "ref\020170712170346.GA17974@mail.hallyn.com\0" - "ref\0877ezdgsey.fsf@xmission.com\0" - "ref\074664cc8-bc3e-75d6-5892-f8934404349f@linux.vnet.ibm.com\0" - "ref\020170713011554.xwmrgkzfwnibvgcu@thunk.org\0" - "ref\087y3rscz9j.fsf@xmission.com\0" - "ref\020170713164012.brj2flnkaaks2oci@thunk.org\0" - "ref\087k23cb6os.fsf@xmission.com\0" - "ref\0847ccb2a-30c0-a94c-df6f-091c8901eaa0@linux.vnet.ibm.com\0" - "ref\087bmoo8bxb.fsf@xmission.com\0" - "ref\09a3010e5-ca2b-5e7a-656b-fcc14f7bec4e@linux.vnet.ibm.com\0" - "ref\087h8yf7szd.fsf@xmission.com\0" "ref\065dbe654-0d99-03fa-c838-5a726b462826@linux.vnet.ibm.com\0" - "ref\065dbe654-0d99-03fa-c838-5a726b462826-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org\0" - "From\0ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)\0" + "From\0Eric W. Biederman <ebiederm@xmission.com>\0" "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Fri, 14 Jul 2017 07:04:19 -0500\0" - "To\0Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>\0" - "Cc\0Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>" - zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org - containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org - linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org - linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org - " lkp-JC7UmRfGjtg@public.gmane.org\0" - "\00:1\0" + "To\0lkp@lists.01.org\0" + "\01:1\0" "b\0" - "Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> writes:\n" + "Stefan Berger <stefanb@linux.vnet.ibm.com> writes:\n" "\n" "> On 07/13/2017 08:38 PM, Eric W. Biederman wrote:\n" - ">> Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> writes:\n" + ">> Stefan Berger <stefanb@linux.vnet.ibm.com> writes:\n" ">>\n" ">>> On 07/13/2017 01:49 PM, Eric W. Biederman wrote:\n" ">>>\n" ">>>> My big question right now is can you implement Ted's suggested\n" - ">>>> restriction. Only one security.foo or secuirty.foo@... attribute ?\n" + ">>>> restriction. Only one security.foo or secuirty.foo(a)... attribute ?\n" ">>> We need to raw-list the xattrs and do the check before writing them. I am fairly sure this can be done.\n" ">>>\n" - ">>> So now you want to allow security.foo and one security.foo@uid=<> or just a single one security.foo(@[[:print:]]*)?\n" + ">>> So now you want to allow security.foo and one security.foo(a)uid=<> or just a single one security.foo(@[[:print:]]*)?\n" ">>>\n" ">> The latter.\n" ">\n" @@ -64,4 +41,4 @@ "\n" Eric -46a9aab1ef26fbd9734fb811d9be2a176323ef60cfbc1f519bb541178776bc2c +3b212dcebb2c111497408f39f750c84f9ae8cd7cb51026f5f77f2ad83575a91e
diff --git a/a/1.txt b/N3/1.txt index 1933022..ee7d053 100644 --- a/a/1.txt +++ b/N3/1.txt @@ -1,7 +1,7 @@ -Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> writes: +Stefan Berger <stefanb@linux.vnet.ibm.com> writes: > On 07/13/2017 08:38 PM, Eric W. Biederman wrote: ->> Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> writes: +>> Stefan Berger <stefanb@linux.vnet.ibm.com> writes: >> >>> On 07/13/2017 01:49 PM, Eric W. Biederman wrote: >>> diff --git a/a/content_digest b/N3/content_digest index 723af65..c07258c 100644 --- a/a/content_digest +++ b/N3/content_digest @@ -13,25 +13,29 @@ "ref\09a3010e5-ca2b-5e7a-656b-fcc14f7bec4e@linux.vnet.ibm.com\0" "ref\087h8yf7szd.fsf@xmission.com\0" "ref\065dbe654-0d99-03fa-c838-5a726b462826@linux.vnet.ibm.com\0" - "ref\065dbe654-0d99-03fa-c838-5a726b462826-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org\0" - "From\0ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)\0" + "From\0ebiederm@xmission.com (Eric W. Biederman)\0" "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Fri, 14 Jul 2017 07:04:19 -0500\0" - "To\0Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>\0" - "Cc\0Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>" - zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org - containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org - linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org - linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org - casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org - " lkp-JC7UmRfGjtg@public.gmane.org\0" + "To\0Stefan Berger <stefanb@linux.vnet.ibm.com>\0" + "Cc\0Theodore Ts'o <tytso@mit.edu>" + Serge E. Hallyn <serge@hallyn.com> + containers@lists.linux-foundation.org + lkp@01.org + linux-kernel@vger.kernel.org + zohar@linux.vnet.ibm.com + tycho@docker.com + James.Bottomley@hansenpartnership.com + vgoyal@redhat.com + christian.brauner@mailbox.org + amir73il@gmail.com + linux-security-module@vger.kernel.org + " casey@schaufler-ca.com\0" "\00:1\0" "b\0" - "Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> writes:\n" + "Stefan Berger <stefanb@linux.vnet.ibm.com> writes:\n" "\n" "> On 07/13/2017 08:38 PM, Eric W. Biederman wrote:\n" - ">> Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> writes:\n" + ">> Stefan Berger <stefanb@linux.vnet.ibm.com> writes:\n" ">>\n" ">>> On 07/13/2017 01:49 PM, Eric W. Biederman wrote:\n" ">>>\n" @@ -64,4 +68,4 @@ "\n" Eric -46a9aab1ef26fbd9734fb811d9be2a176323ef60cfbc1f519bb541178776bc2c +306e7bb9d4a500e312a16134ce8a49fca09b9fc34fb70702062b44e5095cfb26
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.