From: Andrei Vagin <avagin@virtuozzo.com>
To: David Howells <dhowells@redhat.com>
Cc: viro@zeniv.linux.org.uk, linux-nfs@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-afs@lists.infradead.org
Subject: Re: [12/24] proc: Add fs_context support to procfs [ver #7]
Date: Tue, 26 Jun 2018 00:27:38 -0700 [thread overview]
Message-ID: <20180626072736.GA31860@outlook.office365.com> (raw)
In-Reply-To: <20180626061320.GA12548@outlook.office365.com>
[-- Attachment #1: Type: text/plain, Size: 3966 bytes --]
On Mon, Jun 25, 2018 at 11:13:20PM -0700, Andrei Vagin wrote:
> On Mon, Jun 18, 2018 at 08:34:50PM -0700, Andrei Vagin wrote:
> > Hi David,
> >
> > We run CRIU tests for vfs/for-next, and today a few of these test failed. I
> > found that the problem appears after this patch..
> >
> > > int pid_ns_prepare_proc(struct pid_namespace *ns)
> > > {
> > > + struct proc_fs_context *ctx;
> > > + struct fs_context *fc;
> > > struct vfsmount *mnt;
> > > + int ret;
> > > +
> > > + fc = vfs_new_fs_context(&proc_fs_type, NULL, 0,
> > > + FS_CONTEXT_FOR_KERNEL_MOUNT);
> > > + if (IS_ERR(fc))
> > > + return PTR_ERR(fc);
> > > +
> > > + ctx = container_of(fc, struct proc_fs_context, fc);
> > > + if (ctx->pid_ns != ns) {
> > > + put_pid_ns(ctx->pid_ns);
> > > + get_pid_ns(ns);
> > > + ctx->pid_ns = ns;
> > > + }
> > > +
> > > + ret = vfs_get_tree(fc);
> > > + if (ret < 0) {
> > > + put_fs_context(fc);
> > > + return ret;
> > > + }
> > >
> > > - mnt = kern_mount_data(&proc_fs_type, ns, 0);
>
> Here ns->user_ns and get_current_cred()->user_ns are not always equal
What do you think about the attached patch?
>
> > > + mnt = vfs_create_mount(fc);
> > > + put_fs_context(fc);
> > > if (IS_ERR(mnt))
> > > return PTR_ERR(mnt);
> > >
>
> > #define _GNU_SOURCE
> > #include <sys/types.h>
> > #include <sched.h>
> > #include <unistd.h>
> > #include <stdio.h>
> > #include <sys/mount.h>
> > #include <sys/wait.h>
> > #include <sys/stat.h>
> > #include <fcntl.h>
> > #include <stdlib.h>
> > #include <grp.h>
> > #include <linux/limits.h>
> >
> >
> > #define NS_STACK_SIZE 4096
> >
> > #define __stack_aligned__ __attribute__((aligned(16)))
> >
> > /* All arguments should be above stack, because it grows down */
> > struct ns_exec_args {
> > char stack[NS_STACK_SIZE] __stack_aligned__;
> > char stack_ptr[0];
> > int pfd[2];
> > };
> >
> > static int ns_exec(void *_arg)
> > {
> > struct ns_exec_args *args = (struct ns_exec_args *) _arg;
> > int ret;
> >
> > close(args->pfd[1]);
> > if (read(args->pfd[0], &ret, sizeof(ret)) != sizeof(ret))
> > return -1;
> >
> > setsid();
> >
> > if (setuid(0) || setgid(0) || setgroups(0, NULL)) {
> > fprintf(stderr, "set*id failed: %m\n");
> > return -1;
> > }
> >
> > if (mount("proc", "/mnt", "proc", MS_MGC_VAL | MS_NOSUID | MS_NOEXEC | MS_NODEV, NULL)) {
> > fprintf(stderr, "mount(/proc) failed: %m\n");
> > return -1;
> > }
> >
> > return 0;
> > }
> >
> > #define UID_MAP "0 100000 100000\n100000 200000 50000"
> > #define GID_MAP "0 400000 50000\n50000 500000 100000"
> > int main()
> > {
> > pid_t pid;
> > int ret, status;
> > struct ns_exec_args args;
> > int flags;
> > char pname[PATH_MAX];
> > int fd, pfd[2];
> >
> > if (pipe(pfd))
> > return 1;
> >
> > args.pfd[0] = pfd[0];
> > args.pfd[1] = pfd[1];
> >
> > flags = CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWUTS |
> > CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWUSER | SIGCHLD;
> >
> > pid = clone(ns_exec, args.stack_ptr, flags, &args);
> > if (pid < 0) {
> > fprintf(stderr, "clone() failed: %m\n");
> > exit(1);
> > }
> >
> >
> > snprintf(pname, sizeof(pname), "/proc/%d/uid_map", pid);
> > fd = open(pname, O_WRONLY);
> > if (fd < 0) {
> > fprintf(stderr, "open(%s): %m\n", pname);
> > exit(1);
> > }
> > if (write(fd, UID_MAP, sizeof(UID_MAP)) < 0) {
> > fprintf(stderr, "write(" UID_MAP "): %m\n");
> > exit(1);
> > }
> > close(fd);
> >
> > snprintf(pname, sizeof(pname), "/proc/%d/gid_map", pid);
> > fd = open(pname, O_WRONLY);
> > if (fd < 0) {
> > fprintf(stderr, "open(%s): %m\n", pname);
> > exit(1);
> > }
> > if (write(fd, GID_MAP, sizeof(GID_MAP)) < 0) {
> > fprintf(stderr, "write(" GID_MAP "): %m\n");
> > exit(1);
> > }
> > close(fd);
> >
> > if (write(pfd[1], &ret, sizeof(ret)) != sizeof(ret))
> > return 1;
> >
> > if (waitpid(pid, &status, 0) != pid)
> > return 1;
> > if (status)
> > return 1;
> >
> > return 0;
> > }
>
[-- Attachment #2: p --]
[-- Type: text/plain, Size: 2765 bytes --]
diff --git a/fs/fs_context.c b/fs/fs_context.c
index 97e8c1dc4e3b..ad2db7504031 100644
--- a/fs/fs_context.c
+++ b/fs/fs_context.c
@@ -235,10 +235,11 @@ EXPORT_SYMBOL(generic_parse_monolithic);
* another superblock (referred to by @reference) is supplied, may have
* parameters such as namespaces copied across from that superblock.
*/
-struct fs_context *vfs_new_fs_context(struct file_system_type *fs_type,
+struct fs_context *vfs_new_fs_context_userns(struct file_system_type *fs_type,
struct dentry *reference,
unsigned int sb_flags,
- enum fs_context_purpose purpose)
+ enum fs_context_purpose purpose,
+ struct user_namespace *user_ns)
{
struct fs_context *fc;
int ret;
@@ -259,7 +260,7 @@ struct fs_context *vfs_new_fs_context(struct file_system_type *fs_type,
fc->sb_flags |= SB_KERNMOUNT;
/* Fallthrough */
case FS_CONTEXT_FOR_USER_MOUNT:
- fc->user_ns = get_user_ns(fc->cred->user_ns);
+ fc->user_ns = get_user_ns(user_ns ? : fc->cred->user_ns);
fc->net_ns = get_net(current->nsproxy->net_ns);
break;
case FS_CONTEXT_FOR_SUBMOUNT:
diff --git a/fs/proc/root.c b/fs/proc/root.c
index efbdc08a3c86..c832d67067d9 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@ -298,8 +298,8 @@ int pid_ns_prepare_proc(struct pid_namespace *ns)
struct vfsmount *mnt;
int ret;
- fc = vfs_new_fs_context(&proc_fs_type, NULL, 0,
- FS_CONTEXT_FOR_KERNEL_MOUNT);
+ fc = vfs_new_fs_context_userns(&proc_fs_type, NULL, 0,
+ FS_CONTEXT_FOR_KERNEL_MOUNT, ns->user_ns);
if (IS_ERR(fc))
return PTR_ERR(fc);
diff --git a/include/linux/fs_context.h b/include/linux/fs_context.h
index 04ea338ff490..283212cda1ff 100644
--- a/include/linux/fs_context.h
+++ b/include/linux/fs_context.h
@@ -92,10 +92,19 @@ struct fs_context_operations {
/*
* fs_context manipulation functions.
*/
-extern struct fs_context *vfs_new_fs_context(struct file_system_type *fs_type,
+extern struct fs_context *vfs_new_fs_context_userns(struct file_system_type *fs_type,
struct dentry *reference,
unsigned int ms_flags,
- enum fs_context_purpose purpose);
+ enum fs_context_purpose purpose,
+ struct user_namespace *user_ns);
+static inline struct fs_context *vfs_new_fs_context(struct file_system_type *fs_type,
+ struct dentry *reference,
+ unsigned int ms_flags,
+ enum fs_context_purpose purpose)
+{
+ return vfs_new_fs_context_userns(fs_type, reference, ms_flags, purpose, NULL);
+}
+
extern struct fs_context *vfs_sb_reconfig(struct path *path, unsigned int ms_flags);
extern struct fs_context *vfs_dup_fs_context(struct fs_context *src);
extern int vfs_set_fs_source(struct fs_context *fc, const char *source, size_t len);
WARNING: multiple messages have this Message-ID (diff)
From: avagin@virtuozzo.com (Andrei Vagin)
To: linux-security-module@vger.kernel.org
Subject: [12/24] proc: Add fs_context support to procfs [ver #7]
Date: Tue, 26 Jun 2018 00:27:38 -0700 [thread overview]
Message-ID: <20180626072736.GA31860@outlook.office365.com> (raw)
In-Reply-To: <20180626061320.GA12548@outlook.office365.com>
On Mon, Jun 25, 2018 at 11:13:20PM -0700, Andrei Vagin wrote:
> On Mon, Jun 18, 2018 at 08:34:50PM -0700, Andrei Vagin wrote:
> > Hi David,
> >
> > We run CRIU tests for vfs/for-next, and today a few of these test failed. I
> > found that the problem appears after this patch..
> >
> > > int pid_ns_prepare_proc(struct pid_namespace *ns)
> > > {
> > > + struct proc_fs_context *ctx;
> > > + struct fs_context *fc;
> > > struct vfsmount *mnt;
> > > + int ret;
> > > +
> > > + fc = vfs_new_fs_context(&proc_fs_type, NULL, 0,
> > > + FS_CONTEXT_FOR_KERNEL_MOUNT);
> > > + if (IS_ERR(fc))
> > > + return PTR_ERR(fc);
> > > +
> > > + ctx = container_of(fc, struct proc_fs_context, fc);
> > > + if (ctx->pid_ns != ns) {
> > > + put_pid_ns(ctx->pid_ns);
> > > + get_pid_ns(ns);
> > > + ctx->pid_ns = ns;
> > > + }
> > > +
> > > + ret = vfs_get_tree(fc);
> > > + if (ret < 0) {
> > > + put_fs_context(fc);
> > > + return ret;
> > > + }
> > >
> > > - mnt = kern_mount_data(&proc_fs_type, ns, 0);
>
> Here ns->user_ns and get_current_cred()->user_ns are not always equal
What do you think about the attached patch?
>
> > > + mnt = vfs_create_mount(fc);
> > > + put_fs_context(fc);
> > > if (IS_ERR(mnt))
> > > return PTR_ERR(mnt);
> > >
>
> > #define _GNU_SOURCE
> > #include <sys/types.h>
> > #include <sched.h>
> > #include <unistd.h>
> > #include <stdio.h>
> > #include <sys/mount.h>
> > #include <sys/wait.h>
> > #include <sys/stat.h>
> > #include <fcntl.h>
> > #include <stdlib.h>
> > #include <grp.h>
> > #include <linux/limits.h>
> >
> >
> > #define NS_STACK_SIZE 4096
> >
> > #define __stack_aligned__ __attribute__((aligned(16)))
> >
> > /* All arguments should be above stack, because it grows down */
> > struct ns_exec_args {
> > char stack[NS_STACK_SIZE] __stack_aligned__;
> > char stack_ptr[0];
> > int pfd[2];
> > };
> >
> > static int ns_exec(void *_arg)
> > {
> > struct ns_exec_args *args = (struct ns_exec_args *) _arg;
> > int ret;
> >
> > close(args->pfd[1]);
> > if (read(args->pfd[0], &ret, sizeof(ret)) != sizeof(ret))
> > return -1;
> >
> > setsid();
> >
> > if (setuid(0) || setgid(0) || setgroups(0, NULL)) {
> > fprintf(stderr, "set*id failed: %m\n");
> > return -1;
> > }
> >
> > if (mount("proc", "/mnt", "proc", MS_MGC_VAL | MS_NOSUID | MS_NOEXEC | MS_NODEV, NULL)) {
> > fprintf(stderr, "mount(/proc) failed: %m\n");
> > return -1;
> > }
> >
> > return 0;
> > }
> >
> > #define UID_MAP "0 100000 100000\n100000 200000 50000"
> > #define GID_MAP "0 400000 50000\n50000 500000 100000"
> > int main()
> > {
> > pid_t pid;
> > int ret, status;
> > struct ns_exec_args args;
> > int flags;
> > char pname[PATH_MAX];
> > int fd, pfd[2];
> >
> > if (pipe(pfd))
> > return 1;
> >
> > args.pfd[0] = pfd[0];
> > args.pfd[1] = pfd[1];
> >
> > flags = CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWUTS |
> > CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWUSER | SIGCHLD;
> >
> > pid = clone(ns_exec, args.stack_ptr, flags, &args);
> > if (pid < 0) {
> > fprintf(stderr, "clone() failed: %m\n");
> > exit(1);
> > }
> >
> >
> > snprintf(pname, sizeof(pname), "/proc/%d/uid_map", pid);
> > fd = open(pname, O_WRONLY);
> > if (fd < 0) {
> > fprintf(stderr, "open(%s): %m\n", pname);
> > exit(1);
> > }
> > if (write(fd, UID_MAP, sizeof(UID_MAP)) < 0) {
> > fprintf(stderr, "write(" UID_MAP "): %m\n");
> > exit(1);
> > }
> > close(fd);
> >
> > snprintf(pname, sizeof(pname), "/proc/%d/gid_map", pid);
> > fd = open(pname, O_WRONLY);
> > if (fd < 0) {
> > fprintf(stderr, "open(%s): %m\n", pname);
> > exit(1);
> > }
> > if (write(fd, GID_MAP, sizeof(GID_MAP)) < 0) {
> > fprintf(stderr, "write(" GID_MAP "): %m\n");
> > exit(1);
> > }
> > close(fd);
> >
> > if (write(pfd[1], &ret, sizeof(ret)) != sizeof(ret))
> > return 1;
> >
> > if (waitpid(pid, &status, 0) != pid)
> > return 1;
> > if (status)
> > return 1;
> >
> > return 0;
> > }
>
-------------- next part --------------
diff --git a/fs/fs_context.c b/fs/fs_context.c
index 97e8c1dc4e3b..ad2db7504031 100644
--- a/fs/fs_context.c
+++ b/fs/fs_context.c
@@ -235,10 +235,11 @@ EXPORT_SYMBOL(generic_parse_monolithic);
* another superblock (referred to by @reference) is supplied, may have
* parameters such as namespaces copied across from that superblock.
*/
-struct fs_context *vfs_new_fs_context(struct file_system_type *fs_type,
+struct fs_context *vfs_new_fs_context_userns(struct file_system_type *fs_type,
struct dentry *reference,
unsigned int sb_flags,
- enum fs_context_purpose purpose)
+ enum fs_context_purpose purpose,
+ struct user_namespace *user_ns)
{
struct fs_context *fc;
int ret;
@@ -259,7 +260,7 @@ struct fs_context *vfs_new_fs_context(struct file_system_type *fs_type,
fc->sb_flags |= SB_KERNMOUNT;
/* Fallthrough */
case FS_CONTEXT_FOR_USER_MOUNT:
- fc->user_ns = get_user_ns(fc->cred->user_ns);
+ fc->user_ns = get_user_ns(user_ns ? : fc->cred->user_ns);
fc->net_ns = get_net(current->nsproxy->net_ns);
break;
case FS_CONTEXT_FOR_SUBMOUNT:
diff --git a/fs/proc/root.c b/fs/proc/root.c
index efbdc08a3c86..c832d67067d9 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@ -298,8 +298,8 @@ int pid_ns_prepare_proc(struct pid_namespace *ns)
struct vfsmount *mnt;
int ret;
- fc = vfs_new_fs_context(&proc_fs_type, NULL, 0,
- FS_CONTEXT_FOR_KERNEL_MOUNT);
+ fc = vfs_new_fs_context_userns(&proc_fs_type, NULL, 0,
+ FS_CONTEXT_FOR_KERNEL_MOUNT, ns->user_ns);
if (IS_ERR(fc))
return PTR_ERR(fc);
diff --git a/include/linux/fs_context.h b/include/linux/fs_context.h
index 04ea338ff490..283212cda1ff 100644
--- a/include/linux/fs_context.h
+++ b/include/linux/fs_context.h
@@ -92,10 +92,19 @@ struct fs_context_operations {
/*
* fs_context manipulation functions.
*/
-extern struct fs_context *vfs_new_fs_context(struct file_system_type *fs_type,
+extern struct fs_context *vfs_new_fs_context_userns(struct file_system_type *fs_type,
struct dentry *reference,
unsigned int ms_flags,
- enum fs_context_purpose purpose);
+ enum fs_context_purpose purpose,
+ struct user_namespace *user_ns);
+static inline struct fs_context *vfs_new_fs_context(struct file_system_type *fs_type,
+ struct dentry *reference,
+ unsigned int ms_flags,
+ enum fs_context_purpose purpose)
+{
+ return vfs_new_fs_context_userns(fs_type, reference, ms_flags, purpose, NULL);
+}
+
extern struct fs_context *vfs_sb_reconfig(struct path *path, unsigned int ms_flags);
extern struct fs_context *vfs_dup_fs_context(struct fs_context *src);
extern int vfs_set_fs_source(struct fs_context *fc, const char *source, size_t len);
next prev parent reply other threads:[~2018-06-26 7:28 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-19 13:31 [PATCH 00/24] VFS: Introduce filesystem context [ver #7] David Howells
2018-04-19 13:31 ` David Howells
2018-04-19 13:31 ` [PATCH 01/24] vfs: Undo an overly zealous MS_RDONLY -> SB_RDONLY conversion " David Howells
2018-04-19 13:31 ` David Howells
2018-04-19 13:31 ` [PATCH 02/24] VFS: Suppress MS_* flag defs within the kernel unless explicitly enabled " David Howells
2018-04-19 13:31 ` David Howells
2018-04-19 13:31 ` [PATCH 03/24] VFS: Introduce the structs and doc for a filesystem context " David Howells
2018-04-19 13:31 ` David Howells
2018-04-23 3:36 ` Randy Dunlap
2018-04-23 3:36 ` Randy Dunlap
2018-05-01 14:29 ` David Howells
2018-05-01 14:29 ` David Howells
2018-05-01 15:31 ` Randy Dunlap
2018-05-01 15:31 ` Randy Dunlap
2018-04-19 13:31 ` [PATCH 04/24] VFS: Add LSM hooks for " David Howells
2018-04-19 13:31 ` David Howells
2018-04-19 20:32 ` Paul Moore
2018-04-19 20:32 ` Paul Moore
2018-04-20 15:35 ` David Howells
2018-04-20 15:35 ` David Howells
2018-04-23 13:25 ` Stephen Smalley
2018-04-23 13:25 ` Stephen Smalley
2018-04-24 15:22 ` David Howells
2018-04-24 15:22 ` David Howells
2018-04-25 14:07 ` Stephen Smalley
2018-04-25 14:07 ` Stephen Smalley
2018-04-19 13:31 ` [PATCH 05/24] apparmor: Implement security hooks for the new mount API " David Howells
2018-04-19 13:31 ` David Howells
2018-05-04 0:10 ` John Johansen
2018-05-04 0:10 ` John Johansen
2018-05-11 12:20 ` David Howells
2018-05-11 12:20 ` David Howells
2018-05-11 12:20 ` David Howells
2018-04-19 13:31 ` [PATCH 06/24] tomoyo: " David Howells
2018-04-19 13:31 ` David Howells
2018-04-19 13:31 ` [PATCH 07/24] smack: Implement filesystem context security hooks " David Howells
2018-04-19 13:31 ` David Howells
2018-04-19 13:31 ` [PATCH 08/24] VFS: Require specification of size of mount data for internal mounts " David Howells
2018-04-19 13:32 ` [PATCH 09/24] VFS: Implement a filesystem superblock creation/configuration context " David Howells
2018-04-19 13:32 ` David Howells
2018-04-19 13:32 ` [PATCH 10/24] VFS: Remove unused code after filesystem context changes " David Howells
2018-04-19 13:32 ` David Howells
2018-04-19 13:32 ` [PATCH 11/24] procfs: Move proc_fill_super() to fs/proc/root.c " David Howells
2018-04-19 13:32 ` David Howells
2018-04-19 13:32 ` [PATCH 12/24] proc: Add fs_context support to procfs " David Howells
2018-04-19 13:32 ` David Howells
2018-06-19 3:34 ` [12/24] " Andrei Vagin
2018-06-19 3:34 ` Andrei Vagin
2018-06-26 6:13 ` Andrei Vagin
2018-06-26 6:13 ` Andrei Vagin
2018-06-26 7:27 ` Andrei Vagin [this message]
2018-06-26 7:27 ` Andrei Vagin
2018-06-26 8:57 ` David Howells
2018-06-26 8:57 ` David Howells
2018-06-28 5:50 ` Andrei Vagin
2018-06-28 5:50 ` Andrei Vagin
2018-06-28 5:50 ` Andrei Vagin
2018-06-28 5:50 ` Andrei Vagin
2018-04-19 13:32 ` [PATCH 13/24] ipc: Convert mqueue fs to fs_context " David Howells
2018-04-19 13:32 ` David Howells
2018-04-19 13:32 ` [PATCH 14/24] cpuset: Use " David Howells
2018-04-19 13:32 ` David Howells
2018-04-19 13:32 ` [PATCH 15/24] kernfs, sysfs, cgroup, intel_rdt: Support " David Howells
2018-04-19 13:32 ` David Howells
2018-04-19 13:33 ` [PATCH 16/24] hugetlbfs: Convert to " David Howells
2018-04-19 13:33 ` David Howells
2018-04-19 13:33 ` [PATCH 17/24] VFS: Remove kern_mount_data() " David Howells
2018-04-19 13:33 ` David Howells
2018-04-19 13:33 ` [PATCH 18/24] VFS: Implement fsopen() to prepare for a mount " David Howells
2018-04-19 13:33 ` David Howells
2018-04-19 13:33 ` [PATCH 19/24] VFS: Implement fsmount() to effect a pre-configured " David Howells
2018-04-19 13:33 ` David Howells
2018-04-19 13:33 ` [PATCH 20/24] afs: Fix server record deletion " David Howells
2018-04-19 13:33 ` David Howells
2018-04-19 13:33 ` [PATCH 21/24] net: Export get_proc_net() " David Howells
2018-04-19 13:33 ` David Howells
2018-04-19 13:33 ` [PATCH 22/24] afs: Add fs_context support " David Howells
2018-04-19 13:33 ` David Howells
2018-04-19 13:33 ` [PATCH 23/24] afs: Implement namespacing " David Howells
2018-04-19 13:33 ` David Howells
2018-04-19 13:33 ` [PATCH 24/24] afs: Use fs_context to pass parameters over automount " David Howells
2018-04-19 13:33 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180626072736.GA31860@outlook.office365.com \
--to=avagin@virtuozzo.com \
--cc=dhowells@redhat.com \
--cc=linux-afs@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.