From: Dan Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
To: chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org,
paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org,
sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org,
eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org,
dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
Cc: selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org,
Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: [PATCH v6 7/9] selinux: Implement Infiniband PKey "Access" access vector
Date: Wed, 23 Nov 2016 16:17:29 +0200 [thread overview]
Message-ID: <1479910651-43246-8-git-send-email-danielj@mellanox.com> (raw)
In-Reply-To: <1479910651-43246-1-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
From: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Add a type and access vector for PKeys. Implement the ib_pkey_access
hook to check that the caller has permission to access the PKey on the
given subnet prefix. Add an interface to get the PKey SID. Walk the PKey
ocontexts to find an entry for the given subnet prefix and pkey.
Signed-off-by: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
---
v2:
- Use void* blobs for security structs. Paul Moore
- Add pkey specific data to the audit log. Paul Moore
- Don't introduce a new initial sid, use unlabeled. Stephen Smalley
v3:
- Reorder parameters to pkey_access hook. Paul Moore
v6:
- Remove blank lines and brackets on single statement else. James Morris
---
include/linux/lsm_audit.h | 7 +++++++
security/lsm_audit.c | 11 ++++++++++
security/selinux/hooks.c | 22 ++++++++++++++++++++
security/selinux/include/classmap.h | 2 ++
security/selinux/include/security.h | 2 ++
security/selinux/ss/services.c | 40 +++++++++++++++++++++++++++++++++++++
6 files changed, 84 insertions(+)
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index e58e577..402b770 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -45,6 +45,11 @@ struct lsm_ioctlop_audit {
u16 cmd;
};
+struct lsm_pkey_audit {
+ u64 subnet_prefix;
+ u16 pkey;
+};
+
/* Auxiliary data to use in generating the audit record. */
struct common_audit_data {
char type;
@@ -60,6 +65,7 @@ struct common_audit_data {
#define LSM_AUDIT_DATA_DENTRY 10
#define LSM_AUDIT_DATA_IOCTL_OP 11
#define LSM_AUDIT_DATA_FILE 12
+#define LSM_AUDIT_DATA_PKEY 13
union {
struct path path;
struct dentry *dentry;
@@ -77,6 +83,7 @@ struct common_audit_data {
char *kmod_name;
struct lsm_ioctlop_audit *op;
struct file *file;
+ struct lsm_pkey_audit *pkey;
} u;
/* this union contains LSM specific data */
union {
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 37f04da..8911360 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -410,6 +410,17 @@ static void dump_common_audit_data(struct audit_buffer *ab,
audit_log_format(ab, " kmod=");
audit_log_untrustedstring(ab, a->u.kmod_name);
break;
+ case LSM_AUDIT_DATA_PKEY: {
+ struct in6_addr sbn_pfx;
+
+ memset(&sbn_pfx.s6_addr, 0,
+ sizeof(sbn_pfx.s6_addr));
+ memcpy(&sbn_pfx.s6_addr, &a->u.pkey->subnet_prefix,
+ sizeof(a->u.pkey->subnet_prefix));
+ audit_log_format(ab, " pkey=0x%x subnet_prefix=%pI6c",
+ a->u.pkey->pkey, &sbn_pfx);
+ break;
+ }
} /* switch (a->type) */
}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d87e29d..94eef1b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6086,6 +6086,27 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
#endif
#ifdef CONFIG_SECURITY_INFINIBAND
+static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val)
+{
+ struct common_audit_data ad;
+ int err;
+ u32 sid = 0;
+ struct ib_security_struct *sec = ib_sec;
+ struct lsm_pkey_audit pkey;
+
+ err = security_pkey_sid(subnet_prefix, pkey_val, &sid);
+ if (err)
+ return err;
+
+ ad.type = LSM_AUDIT_DATA_PKEY;
+ pkey.subnet_prefix = subnet_prefix;
+ pkey.pkey = pkey_val;
+ ad.u.pkey = &pkey;
+ return avc_has_perm(sec->sid, sid,
+ SECCLASS_INFINIBAND_PKEY,
+ INFINIBAND_PKEY__ACCESS, &ad);
+}
+
static int selinux_ib_alloc_security(void **ib_sec)
{
struct ib_security_struct *sec;
@@ -6290,6 +6311,7 @@ static struct security_hook_list selinux_hooks[] = {
LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
#ifdef CONFIG_SECURITY_INFINIBAND
+ LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),
LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
#endif
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 1f1f4b2..d42dd4d 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -165,5 +165,7 @@ struct security_class_mapping secclass_map[] = {
{ COMMON_CAP_PERMS, NULL } },
{ "cap2_userns",
{ COMMON_CAP2_PERMS, NULL } },
+ { "infiniband_pkey",
+ { "access", NULL } },
{ NULL }
};
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 6bb9b0a..17afb7c 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -176,6 +176,8 @@ int security_get_user_sids(u32 callsid, char *username,
int security_port_sid(u8 protocol, u16 port, u32 *out_sid);
+int security_pkey_sid(u64 subnet_prefix, u16 pkey_num, u32 *out_sid);
+
int security_netif_sid(char *name, u32 *if_sid);
int security_node_sid(u16 domain, void *addr, u32 addrlen,
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 082b20c..9215cf6 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2203,6 +2203,46 @@ int security_port_sid(u8 protocol, u16 port, u32 *out_sid)
}
/**
+ * security_pkey_sid - Obtain the SID for a pkey.
+ * @subnet_prefix: Subnet Prefix
+ * @pkey_num: pkey number
+ * @out_sid: security identifier
+ */
+int security_pkey_sid(u64 subnet_prefix, u16 pkey_num, u32 *out_sid)
+{
+ struct ocontext *c;
+ int rc = 0;
+
+ read_lock(&policy_rwlock);
+
+ c = policydb.ocontexts[OCON_PKEY];
+ while (c) {
+ if (c->u.pkey.low_pkey <= pkey_num &&
+ c->u.pkey.high_pkey >= pkey_num &&
+ c->u.pkey.subnet_prefix == subnet_prefix)
+ break;
+
+ c = c->next;
+ }
+
+ if (c) {
+ if (!c->sid[0]) {
+ rc = sidtab_context_to_sid(&sidtab,
+ &c->context[0],
+ &c->sid[0]);
+ if (rc)
+ goto out;
+ }
+ *out_sid = c->sid[0];
+ } else
+ *out_sid = SECINITSID_UNLABELED;
+
+out:
+ read_unlock(&policy_rwlock);
+ return rc;
+}
+
+/**
* security_netif_sid - Obtain the SID for a network interface.
* @name: interface name
* @if_sid: interface SID
--
2.7.4
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Dan Jurgens <danielj@mellanox.com>
To: chrisw@sous-sol.org, paul@paul-moore.com, sds@tycho.nsa.gov,
eparis@parisplace.org, dledford@redhat.com, sean.hefty@intel.com,
hal.rosenstock@gmail.com
Cc: selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org,
linux-rdma@vger.kernel.org, yevgenyp@mellanox.com,
Daniel Jurgens <danielj@mellanox.com>
Subject: [PATCH v6 7/9] selinux: Implement Infiniband PKey "Access" access vector
Date: Wed, 23 Nov 2016 16:17:29 +0200 [thread overview]
Message-ID: <1479910651-43246-8-git-send-email-danielj@mellanox.com> (raw)
In-Reply-To: <1479910651-43246-1-git-send-email-danielj@mellanox.com>
From: Daniel Jurgens <danielj@mellanox.com>
Add a type and access vector for PKeys. Implement the ib_pkey_access
hook to check that the caller has permission to access the PKey on the
given subnet prefix. Add an interface to get the PKey SID. Walk the PKey
ocontexts to find an entry for the given subnet prefix and pkey.
Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
---
v2:
- Use void* blobs for security structs. Paul Moore
- Add pkey specific data to the audit log. Paul Moore
- Don't introduce a new initial sid, use unlabeled. Stephen Smalley
v3:
- Reorder parameters to pkey_access hook. Paul Moore
v6:
- Remove blank lines and brackets on single statement else. James Morris
---
include/linux/lsm_audit.h | 7 +++++++
security/lsm_audit.c | 11 ++++++++++
security/selinux/hooks.c | 22 ++++++++++++++++++++
security/selinux/include/classmap.h | 2 ++
security/selinux/include/security.h | 2 ++
security/selinux/ss/services.c | 40 +++++++++++++++++++++++++++++++++++++
6 files changed, 84 insertions(+)
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index e58e577..402b770 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -45,6 +45,11 @@ struct lsm_ioctlop_audit {
u16 cmd;
};
+struct lsm_pkey_audit {
+ u64 subnet_prefix;
+ u16 pkey;
+};
+
/* Auxiliary data to use in generating the audit record. */
struct common_audit_data {
char type;
@@ -60,6 +65,7 @@ struct common_audit_data {
#define LSM_AUDIT_DATA_DENTRY 10
#define LSM_AUDIT_DATA_IOCTL_OP 11
#define LSM_AUDIT_DATA_FILE 12
+#define LSM_AUDIT_DATA_PKEY 13
union {
struct path path;
struct dentry *dentry;
@@ -77,6 +83,7 @@ struct common_audit_data {
char *kmod_name;
struct lsm_ioctlop_audit *op;
struct file *file;
+ struct lsm_pkey_audit *pkey;
} u;
/* this union contains LSM specific data */
union {
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 37f04da..8911360 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -410,6 +410,17 @@ static void dump_common_audit_data(struct audit_buffer *ab,
audit_log_format(ab, " kmod=");
audit_log_untrustedstring(ab, a->u.kmod_name);
break;
+ case LSM_AUDIT_DATA_PKEY: {
+ struct in6_addr sbn_pfx;
+
+ memset(&sbn_pfx.s6_addr, 0,
+ sizeof(sbn_pfx.s6_addr));
+ memcpy(&sbn_pfx.s6_addr, &a->u.pkey->subnet_prefix,
+ sizeof(a->u.pkey->subnet_prefix));
+ audit_log_format(ab, " pkey=0x%x subnet_prefix=%pI6c",
+ a->u.pkey->pkey, &sbn_pfx);
+ break;
+ }
} /* switch (a->type) */
}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d87e29d..94eef1b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6086,6 +6086,27 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
#endif
#ifdef CONFIG_SECURITY_INFINIBAND
+static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val)
+{
+ struct common_audit_data ad;
+ int err;
+ u32 sid = 0;
+ struct ib_security_struct *sec = ib_sec;
+ struct lsm_pkey_audit pkey;
+
+ err = security_pkey_sid(subnet_prefix, pkey_val, &sid);
+ if (err)
+ return err;
+
+ ad.type = LSM_AUDIT_DATA_PKEY;
+ pkey.subnet_prefix = subnet_prefix;
+ pkey.pkey = pkey_val;
+ ad.u.pkey = &pkey;
+ return avc_has_perm(sec->sid, sid,
+ SECCLASS_INFINIBAND_PKEY,
+ INFINIBAND_PKEY__ACCESS, &ad);
+}
+
static int selinux_ib_alloc_security(void **ib_sec)
{
struct ib_security_struct *sec;
@@ -6290,6 +6311,7 @@ static struct security_hook_list selinux_hooks[] = {
LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
#ifdef CONFIG_SECURITY_INFINIBAND
+ LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),
LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
#endif
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 1f1f4b2..d42dd4d 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -165,5 +165,7 @@ struct security_class_mapping secclass_map[] = {
{ COMMON_CAP_PERMS, NULL } },
{ "cap2_userns",
{ COMMON_CAP2_PERMS, NULL } },
+ { "infiniband_pkey",
+ { "access", NULL } },
{ NULL }
};
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 6bb9b0a..17afb7c 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -176,6 +176,8 @@ int security_get_user_sids(u32 callsid, char *username,
int security_port_sid(u8 protocol, u16 port, u32 *out_sid);
+int security_pkey_sid(u64 subnet_prefix, u16 pkey_num, u32 *out_sid);
+
int security_netif_sid(char *name, u32 *if_sid);
int security_node_sid(u16 domain, void *addr, u32 addrlen,
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 082b20c..9215cf6 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2203,6 +2203,46 @@ int security_port_sid(u8 protocol, u16 port, u32 *out_sid)
}
/**
+ * security_pkey_sid - Obtain the SID for a pkey.
+ * @subnet_prefix: Subnet Prefix
+ * @pkey_num: pkey number
+ * @out_sid: security identifier
+ */
+int security_pkey_sid(u64 subnet_prefix, u16 pkey_num, u32 *out_sid)
+{
+ struct ocontext *c;
+ int rc = 0;
+
+ read_lock(&policy_rwlock);
+
+ c = policydb.ocontexts[OCON_PKEY];
+ while (c) {
+ if (c->u.pkey.low_pkey <= pkey_num &&
+ c->u.pkey.high_pkey >= pkey_num &&
+ c->u.pkey.subnet_prefix == subnet_prefix)
+ break;
+
+ c = c->next;
+ }
+
+ if (c) {
+ if (!c->sid[0]) {
+ rc = sidtab_context_to_sid(&sidtab,
+ &c->context[0],
+ &c->sid[0]);
+ if (rc)
+ goto out;
+ }
+ *out_sid = c->sid[0];
+ } else
+ *out_sid = SECINITSID_UNLABELED;
+
+out:
+ read_unlock(&policy_rwlock);
+ return rc;
+}
+
+/**
* security_netif_sid - Obtain the SID for a network interface.
* @name: interface name
* @if_sid: interface SID
--
2.7.4
next prev parent reply other threads:[~2016-11-23 14:17 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-23 14:17 [PATCH v6 0/9] SELinux support for Infiniband RDMA Dan Jurgens
2016-11-23 14:17 ` Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 2/9] IB/core: Enforce PKey security on QPs Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 4/9] IB/core: Enforce security on management datagrams Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 5/9] selinux: Create policydb version for Infiniband support Dan Jurgens
[not found] ` <1479910651-43246-6-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-12-13 14:38 ` Stephen Smalley
2016-12-13 14:38 ` Stephen Smalley
2016-12-13 14:40 ` Daniel Jurgens
2016-12-13 14:40 ` Daniel Jurgens
2016-11-23 14:17 ` [PATCH v6 6/9] selinux: Allocate and free infiniband security hooks Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 8/9] selinux: Add IB Port SMP access vector Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 9/9] selinux: Add a cache for quicker retreival of PKey SIDs Dan Jurgens
[not found] ` <1479910651-43246-1-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-11-23 14:17 ` [PATCH v6 1/9] IB/core: IB cache enhancements to support Infiniband security Dan Jurgens
2016-11-23 14:17 ` Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 3/9] selinux lsm IB/core: Implement LSM notification system Dan Jurgens
2016-11-23 14:17 ` Dan Jurgens
[not found] ` <1479910651-43246-4-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-12-13 14:29 ` Stephen Smalley
2016-12-13 14:29 ` Stephen Smalley
2016-12-13 14:38 ` Daniel Jurgens
2016-12-13 14:38 ` Daniel Jurgens
2016-11-23 14:17 ` Dan Jurgens [this message]
2016-11-23 14:17 ` [PATCH v6 7/9] selinux: Implement Infiniband PKey "Access" access vector Dan Jurgens
2016-12-12 21:38 ` [PATCH v6 0/9] SELinux support for Infiniband RDMA Doug Ledford
2016-12-12 21:38 ` Doug Ledford
2016-12-13 15:04 ` Stephen Smalley
2016-12-13 15:04 ` Stephen Smalley
2016-12-13 16:25 ` Daniel Jurgens
2016-12-13 16:25 ` Daniel Jurgens
2016-12-13 22:17 ` Paul Moore
2017-01-24 21:40 ` Doug Ledford
[not found] ` <1485294015.43764.91.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-01-24 21:45 ` Doug Ledford
2017-01-24 21:45 ` Doug Ledford
2017-01-24 22:40 ` Daniel Jurgens
[not found] ` <VI1PR0501MB242933AC0EC458EAD2792560C4750-o1MPJYiShEyB6Z+oivrBG8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2017-01-25 3:08 ` Doug Ledford
2017-01-25 3:08 ` Doug Ledford
2017-01-25 7:58 ` Paul Moore
2017-01-25 7:58 ` Paul Moore
[not found] ` <CAHC9VhTfuftm1oyiBOa4Fx4L-12eX8MCySiS1H98yroCuuoieA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-01-25 17:25 ` Doug Ledford
2017-01-25 17:25 ` Doug Ledford
[not found] ` <1485365121.2432.6.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-01-25 22:14 ` Paul Moore
2017-01-25 22:14 ` Paul Moore
2017-05-03 14:41 ` Paul Moore
2017-05-03 14:41 ` Paul Moore
2017-05-03 14:41 ` Paul Moore
2017-05-03 19:45 ` Daniel Jurgens
2017-05-03 19:45 ` Daniel Jurgens
2017-05-04 15:51 ` Paul Moore
2017-05-04 15:51 ` Paul Moore
2017-05-17 21:23 ` Paul Moore
2017-05-17 21:23 ` Paul Moore
2017-05-17 21:23 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1479910651-43246-8-git-send-email-danielj@mellanox.com \
--to=danielj-vpraknaxozvwk0htik3j/w@public.gmane.org \
--cc=chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org \
--cc=hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org \
--cc=sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.