From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
Subject: Re: [RFC PATCH v2 1/3] ima: extend clone() with IMA namespace support
Date: Wed, 21 Mar 2018 11:19:46 -0400
Message-ID: <1521645586.3848.136.camel@linux.vnet.ibm.com>
References: <20180309201421.6150-1-stefanb@linux.vnet.ibm.com>
	<20180309201421.6150-2-stefanb@linux.vnet.ibm.com>
	<87vadxfwqj.fsf@xmission.com>
	<c18b6e92-57f0-5994-eb60-5fadc6671832@linux.vnet.ibm.com>
	<1521135192.5348.64.camel@HansenPartnership.com>
	<2183a3b4-6270-d2e9-70ad-a7399eb1681c@linux.vnet.ibm.com>
	<1521139535.5348.89.camel@HansenPartnership.com>
	<0dc5b856-8dc6-7b5a-eeac-febd19f6498c@linux.vnet.ibm.com>
	<1521140467.5348.94.camel@HansenPartnership.com>
	<056e5b9e-b4d3-1862-baea-06dda4bd0713@linux.vnet.ibm.com>
	<87sh915eo0.fsf@xmission.com>
	<19ecc296-b584-4e1a-5369-30090fbc7880@linux.vnet.ibm.com>
	<87d10513id.fsf@xmission.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
In-Reply-To: <87d10513id.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/containers>,
	<mailto:containers-request-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/containers/>
List-Post: <mailto:containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
List-Help: <mailto:containers-request-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/containers>,
	<mailto:containers-request-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org?subject=subscribe>
Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>, Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
Cc: mkayaalp-4hyTIkVWTs8LubxHQvXPfYdd74u8MsAO@public.gmane.org, Mehmet Kayaalp <mkayaalp-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>, sunyuqiong1988-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, david.safford-JJi787mZWgc@public.gmane.org, James Bottomley <James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>, linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-integrity-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
List-Id: containers.vger.kernel.org

T24gVGh1LCAyMDE4LTAzLTE1IGF0IDE1OjM1IC0wNTAwLCBFcmljIFcuIEJpZWRlcm1hbiB3cm90
ZToKPiBTdGVmYW4gQmVyZ2VyIDxzdGVmYW5iQGxpbnV4LnZuZXQuaWJtLmNvbT4gd3JpdGVzOgo+
ID4gT24gMDMvMTUvMjAxOCAwMzoyMCBQTSwgRXJpYyBXLiBCaWVkZXJtYW4gd3JvdGU6CgpbLi5d
Cgo+ID4+ICBGcm9tIHByZXZpb3VzIGNvbnZlcnNhdGlvbnMgSSByZW1lbWJlciB0aGF0IHRoZXJl
IGlzIGEgbGVnaXRpbWF0ZQo+ID4+IGJvb3RzdHJhcCBwcm9ibGVtIGZvciBJTUEuICBUaGF0IG5l
ZWRzIHRvIGJlIGxvb2tlZCBhdCwgYW5kIEkgYW0gbm90Cj4gPj4gc2VlaW5nIHRoYXQgbWVudGlv
bmVkLgo+ID4KPiA+IElNQSdzIGxvZyBzaG91bGQgbm90IGhhdmUgYSBnYXAuIFNvIGlkZWFsbHkg
d2Ugc2hvdWxkbid0IGhhdmUgdG8gd3JpdGUgc29tZXRoaW5nCj4gPiBpbnRvIHN5c2ZzIHRvIHNw
YXduIGEgbmV3IElNQSBuYW1lc3BhY2Ugc28gdGhhdCB3ZSBkb24ndCBtaXNzIHdoYXRldmVyIHNl
dHVwIG1heQo+ID4gaGF2ZSBoYXBwZW5lZCB0byBnZXQgdGhlcmUsIGluY2x1ZGluZyB0aGUgd3Jp
dGluZyBpbnRvIHByb2Nmcy4gSU1BIHNob3VsZCBiZQo+ID4gdGhlcmUgcmlnaHQgZnJvbSB0aGUg
c3RhcnQuIFNvIGEgY2xvbmUgZmxhZyB3b3VsZCBiZSBpZGVhbCBmb3IgdGhhdC4KPiAKPiBQbGVh
c2UgbWFrZSB0aGF0IHNlY3VyaXR5ZnMgbm90IHN5c2ZzLiAgU3lzZnMgc2hvdWxkIGJlIGFib3V0
IHRoZQo+IGhhcmR3YXJlIG5vdCB0aGVzZSBoaWdoZXIgbGV2ZWwgc29mdHdhcmUgZGV0YWlscy4g
IEkgcmVhbGx5IGRvbid0IHdhbnQKPiB0byBoYXZlIHRvIG5hbWVzcGFjZSBzeXNmcyBtb3JlIHRo
YW4gSSBhbHJlYWR5IGhhdmUuCj4gCj4gQXMgZm9yIHRoZSBubyBnYXBzIHJlcXVpcmVtZW50LiAg
VGhhdCBpcyBhIHBvd2VyZnVsIGxldmVyIGZvciBydWxpbmcgb3V0Cj4gc29sdXRpb25zIHRoYXQg
ZG9uJ3Qgd29yayBhcyB3ZWxsLgoKSU1BLW1lYXN1cmVtZW50IGFuZCBJTUEtYXVkaXQgbmVlZCB0
byBiZSBlbmFibGVkIGZyb20gdGhlIHZlcnkKYmVnaW5uaW5nLiDCoFRoZSBvbmx5IHJlYXNvbiB3
ZSBkaWZmZXJlbnRpYXRlIGJldHdlZW4gSU1BLW1lYXN1cmVtZW50CmFuZCBJTUEtYXVkaXQgZnJv
bSBJTUEtYXBwcmFpc2FsIGlzIHNpbXBseSBiZWNhdXNlIHRoZSBpbml0cmFtZnMKZG9lc24ndCBp
bmNsdWRlIHhhdHRycy4gwqBPbmNlIHN1cHBvcnQgZm9yIENQSU8geGF0dHJzIGlzIHVwc3RyZWFt
ZWQsCklNQS1hcHByYWlzYWwgY291bGQgdGhlbiBhbHNvIGJlIGVuYWJsZWQgZnJvbSB0aGUgdmVy
eSBiZWdpbm5pbmcuIMKgRm9yCm5vdywgd2UgcmVseSBvbiB0aGUgaW5pdHJhbWZzIGJlaW5nIG1l
YXN1cmVkIChhbmQgYXBwcmFpc2VkKSBhbmQKZW5hYmxlIElNQS1hcHByYWlzYWwgYmVmb3JlIGFu
eSBmaWxlcyBhcmUgYWNjZXNzZWQgZnJvbSByZWFsIHJvb3QuCsKgU3lzdGVtcyB3aXRoIGEgY3Vz
dG9tIC9pbml0IHRvZGF5IGFscmVhZHkgY2FuIGVuYWJsZSBJTUEtYXBwcmFpc2FsCmZyb20gdGhl
IHZlcnkgYmVnaW5uaW5nLiDCoAoKSW4gdGVybXMgb2YgSU1BIG5hbWVzcGFjaW5nLCB3ZSBzaG91
bGRuJ3QgbmVlZCB0byBkaWZmZXJlbnRpYXRlCmJldHdlZW4gSU1BLW1lYXN1cmVtZW50IGFuZCBJ
TUEtYXVkaXQgZnJvbSBJTUEtYXBwcmFpc2FsLiDCoEFsbCBvZiB0aGVtCnNob3VsZCBiZSBpbml0
aWFsaXplZCBmcm9tIHRoZSB2ZXJ5IGJlZ2lubmluZyB0byBjYXB0dXJlIGFsbAptZWFzdXJlbWVu
dHMgaW4gdGhlIG1lYXN1cmVtZW50IGxpc3QsIGF1ZGl0IHRoZSBtZWFzdXJlbWVudHMgYW5kCmFw
cHJhaXNlIGFsbCBmaWxlcy4KClJlcXVpcmluZyBJTUEgbmFtZXNwYWNpbmcgdG8gYmUgam9pbmVk
IHRvIGFub3RoZXIgbmFtZXNwYWNlCmNvbXBsaWNhdGVzIHRoaW5ncywgbGlrZSB0aGUgdW5uZWNl
c3NhcnkgY3JlYXRpb24gb2YgSU1BIG5hbWVzcGFjZXMuCsKgSnVzdCBhcyB0aGVyZSBpcyBhbiAi
b3duaW5nIiBuYW1lc3BhY2UgZm9yIG90aGVyIG5hbWVzcGFjZXMsIHRoZXJlCnNob3VsZCBiZSBh
biAib3duaW5nIiBJTUEgbmFtZXNwYWNlLCB3aGljaCBpcyBpbmRlcGVuZGVudCBvZiBlaXRoZXIK
dGhlIG1vdW50IG9yIHVzZXIgbmFtZXNwYWNlLgoKKEkgaG9wZSBJJ20gdXNpbmcgdGhlIHRlcm0g
Im93bmluZyIgcHJvcGVybHkgaGVyZS4pCgpNaW1pCgpfX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fXwpDb250YWluZXJzIG1haWxpbmcgbGlzdApDb250YWluZXJz
QGxpc3RzLmxpbnV4LWZvdW5kYXRpb24ub3JnCmh0dHBzOi8vbGlzdHMubGludXhmb3VuZGF0aW9u
Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL2NvbnRhaW5lcnM=