From: Stefan Berger <stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
To: "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
Cc: Mimi Zohar
<zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
xiaolong.ye-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
lkp-JC7UmRfGjtg@public.gmane.org
Subject: Re: [PATCH v4] Introduce v3 namespaced file capabilities
Date: Mon, 19 Jun 2017 09:05:43 -0400 [thread overview]
Message-ID: <150d96e7-0cc3-f12e-15f2-6987e571f541@linux.vnet.ibm.com> (raw)
In-Reply-To: <e9720595-2cdc-4dd7-57e7-95b85896d4ac-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
On 06/18/2017 09:13 PM, Stefan Berger wrote:
> On 06/18/2017 06:14 PM, Serge E. Hallyn wrote:
>> Quoting Stefan Berger (stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org):
>>> On 06/14/2017 11:05 PM, Serge E. Hallyn wrote:
>>>> On Wed, Jun 14, 2017 at 08:27:40AM -0400, Stefan Berger wrote:
>>>>> On 06/13/2017 07:55 PM, Serge E. Hallyn wrote:
>>>>>> Quoting Stefan Berger (stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org):
>>>>>>> If all extended
>>>>>>> attributes were to support this model, maybe the 'uid' could be
>>>>>>> associated with the 'name' of the xattr rather than its 'value'
>>>>>>> (not
>>>>>>> sure whether that's possible).
>>>>>> Right, I missed that in your original email when I saw it this
>>>>>> morning.
>>>>>> It's not what my patch does, but it's an interesting idea. Do
>>>>>> you have
>>>>>> a patch to that effect? We might even be able to generalize that to
>>>>> No, I don't have a patch. It may not be possible to implement it.
>>>>> The xattr_handler's take the name of the xattr as input to get().
>>>> That may be ok though. Assume the host created a container with
>>>> 100000 as the uid for root, which created a container with 130000 as
>>>> uid for root. If root in the nested container tries to read the
>>>> xattr, the kernel can check for security.foo[130000] first, then
>>>> security.foo[100000], then security.foo. Or, it can do a listxattr
>>>> and look for those. Am I overlooking one?
>>>>
>>>>> So one could try to encode the mapped uid in the name. However, that
>>>> I thought that's exactly what you were suggesting in your original
>>>> email? "security.capability[uid=2000]"
>>>>
>>>>> could lead to problems with stale xattrs in a shared filesystem over
>>>>> time unless one could limit the number of xattrs with the same
>>>>> prefix, e.g., security.capability*. So I doubt that it would work.
>>>> Hm. Yeah. But really how many setups are there like that? I.e. if
>>>> you launch a regular docker or lxd container, the image doesn't do a
>>>> bind mount of a shared image, it layers something above it or does a
>>>> copy. What setups do you know of where multiple containers in
>>>> different
>>>> user namespaces mount the same filesystem shared and writeable?
>>> I think I have something now that accomodates userns access to
>>> security.capability:
>>>
>>> https://github.com/stefanberger/linux/commits/xattr_for_userns
>> Thanks!
>>
>>> Encoding of uid is in the attribute name now as follows:
>>> security.foo@uid=<uid>
>>>
>>> 1) The 'plain' security.capability is only r/w accessible from the
>>> host (init_user_ns).
>>> 2) When userns reads/writes 'security.capability' it will read/write
>>> security.capability@uid=<uid> instead, with uid being the uid of
>>> root , e.g. 1000.
>>> 3) When listing xattrs for userns the host's security.capability is
>>> filtered out to avoid read failures iof 'security.capability' if
>>> security.capability@uid=<uid> is read but not there. (see 1) and 2))
>>> 4) security.capability* may all be read from anywhere
>>> 5) security.capability@uid=<uid> may be read or written directly
>>> from a userns if <uid> matches the uid of root (current_uid())
>> This looks very close to what we want. One exception - we do want
>> to support root in a user namespace being able to write
>> security.capability@uid=<x> where <x> is a valid uid mapped in its
>> namespace. In that case the name should be rewritten to be
>> security.capability@uid=<y> where y is the unmapped kuid.val.
>
> I'll try to write a patch on top of the existing one.
Did that now in a 2nd patch (that also fixes a few problems of the 1st).
In a user ns mapped to 1000 root can write security.capability@uid=123,
which then ends up writing to security.capability@uid=1123. The reading
also works with @uid=123. When listing xattrs only those get shown that
actually have valid mappings.
https://github.com/stefanberger/linux/commits/xattr_for_userns
Stefan
WARNING: multiple messages have this Message-ID (diff)
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Masami Ichikawa <masami256@gmail.com>,
containers@lists.linux-foundation.org, lkp@01.org,
xiaolong.ye@intel.com, LKML <linux-kernel@vger.kernel.org>,
Mimi Zohar <zohar@linux.vnet.ibm.com>
Subject: Re: [PATCH v4] Introduce v3 namespaced file capabilities
Date: Mon, 19 Jun 2017 09:05:43 -0400 [thread overview]
Message-ID: <150d96e7-0cc3-f12e-15f2-6987e571f541@linux.vnet.ibm.com> (raw)
In-Reply-To: <e9720595-2cdc-4dd7-57e7-95b85896d4ac@linux.vnet.ibm.com>
On 06/18/2017 09:13 PM, Stefan Berger wrote:
> On 06/18/2017 06:14 PM, Serge E. Hallyn wrote:
>> Quoting Stefan Berger (stefanb@linux.vnet.ibm.com):
>>> On 06/14/2017 11:05 PM, Serge E. Hallyn wrote:
>>>> On Wed, Jun 14, 2017 at 08:27:40AM -0400, Stefan Berger wrote:
>>>>> On 06/13/2017 07:55 PM, Serge E. Hallyn wrote:
>>>>>> Quoting Stefan Berger (stefanb@linux.vnet.ibm.com):
>>>>>>> If all extended
>>>>>>> attributes were to support this model, maybe the 'uid' could be
>>>>>>> associated with the 'name' of the xattr rather than its 'value'
>>>>>>> (not
>>>>>>> sure whether that's possible).
>>>>>> Right, I missed that in your original email when I saw it this
>>>>>> morning.
>>>>>> It's not what my patch does, but it's an interesting idea. Do
>>>>>> you have
>>>>>> a patch to that effect? We might even be able to generalize that to
>>>>> No, I don't have a patch. It may not be possible to implement it.
>>>>> The xattr_handler's take the name of the xattr as input to get().
>>>> That may be ok though. Assume the host created a container with
>>>> 100000 as the uid for root, which created a container with 130000 as
>>>> uid for root. If root in the nested container tries to read the
>>>> xattr, the kernel can check for security.foo[130000] first, then
>>>> security.foo[100000], then security.foo. Or, it can do a listxattr
>>>> and look for those. Am I overlooking one?
>>>>
>>>>> So one could try to encode the mapped uid in the name. However, that
>>>> I thought that's exactly what you were suggesting in your original
>>>> email? "security.capability[uid=2000]"
>>>>
>>>>> could lead to problems with stale xattrs in a shared filesystem over
>>>>> time unless one could limit the number of xattrs with the same
>>>>> prefix, e.g., security.capability*. So I doubt that it would work.
>>>> Hm. Yeah. But really how many setups are there like that? I.e. if
>>>> you launch a regular docker or lxd container, the image doesn't do a
>>>> bind mount of a shared image, it layers something above it or does a
>>>> copy. What setups do you know of where multiple containers in
>>>> different
>>>> user namespaces mount the same filesystem shared and writeable?
>>> I think I have something now that accomodates userns access to
>>> security.capability:
>>>
>>> https://github.com/stefanberger/linux/commits/xattr_for_userns
>> Thanks!
>>
>>> Encoding of uid is in the attribute name now as follows:
>>> security.foo@uid=<uid>
>>>
>>> 1) The 'plain' security.capability is only r/w accessible from the
>>> host (init_user_ns).
>>> 2) When userns reads/writes 'security.capability' it will read/write
>>> security.capability@uid=<uid> instead, with uid being the uid of
>>> root , e.g. 1000.
>>> 3) When listing xattrs for userns the host's security.capability is
>>> filtered out to avoid read failures iof 'security.capability' if
>>> security.capability@uid=<uid> is read but not there. (see 1) and 2))
>>> 4) security.capability* may all be read from anywhere
>>> 5) security.capability@uid=<uid> may be read or written directly
>>> from a userns if <uid> matches the uid of root (current_uid())
>> This looks very close to what we want. One exception - we do want
>> to support root in a user namespace being able to write
>> security.capability@uid=<x> where <x> is a valid uid mapped in its
>> namespace. In that case the name should be rewritten to be
>> security.capability@uid=<y> where y is the unmapped kuid.val.
>
> I'll try to write a patch on top of the existing one.
Did that now in a 2nd patch (that also fixes a few problems of the 1st).
In a user ns mapped to 1000 root can write security.capability@uid=123,
which then ends up writing to security.capability@uid=1123. The reading
also works with @uid=123. When listing xattrs only those get shown that
actually have valid mappings.
https://github.com/stefanberger/linux/commits/xattr_for_userns
Stefan
WARNING: multiple messages have this Message-ID (diff)
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: lkp@lists.01.org
Subject: Re: [PATCH v4] Introduce v3 namespaced file capabilities
Date: Mon, 19 Jun 2017 09:05:43 -0400 [thread overview]
Message-ID: <150d96e7-0cc3-f12e-15f2-6987e571f541@linux.vnet.ibm.com> (raw)
In-Reply-To: <e9720595-2cdc-4dd7-57e7-95b85896d4ac@linux.vnet.ibm.com>
[-- Attachment #1: Type: text/plain, Size: 4016 bytes --]
On 06/18/2017 09:13 PM, Stefan Berger wrote:
> On 06/18/2017 06:14 PM, Serge E. Hallyn wrote:
>> Quoting Stefan Berger (stefanb(a)linux.vnet.ibm.com):
>>> On 06/14/2017 11:05 PM, Serge E. Hallyn wrote:
>>>> On Wed, Jun 14, 2017 at 08:27:40AM -0400, Stefan Berger wrote:
>>>>> On 06/13/2017 07:55 PM, Serge E. Hallyn wrote:
>>>>>> Quoting Stefan Berger (stefanb(a)linux.vnet.ibm.com):
>>>>>>> If all extended
>>>>>>> attributes were to support this model, maybe the 'uid' could be
>>>>>>> associated with the 'name' of the xattr rather than its 'value'
>>>>>>> (not
>>>>>>> sure whether that's possible).
>>>>>> Right, I missed that in your original email when I saw it this
>>>>>> morning.
>>>>>> It's not what my patch does, but it's an interesting idea. Do
>>>>>> you have
>>>>>> a patch to that effect? We might even be able to generalize that to
>>>>> No, I don't have a patch. It may not be possible to implement it.
>>>>> The xattr_handler's take the name of the xattr as input to get().
>>>> That may be ok though. Assume the host created a container with
>>>> 100000 as the uid for root, which created a container with 130000 as
>>>> uid for root. If root in the nested container tries to read the
>>>> xattr, the kernel can check for security.foo[130000] first, then
>>>> security.foo[100000], then security.foo. Or, it can do a listxattr
>>>> and look for those. Am I overlooking one?
>>>>
>>>>> So one could try to encode the mapped uid in the name. However, that
>>>> I thought that's exactly what you were suggesting in your original
>>>> email? "security.capability[uid=2000]"
>>>>
>>>>> could lead to problems with stale xattrs in a shared filesystem over
>>>>> time unless one could limit the number of xattrs with the same
>>>>> prefix, e.g., security.capability*. So I doubt that it would work.
>>>> Hm. Yeah. But really how many setups are there like that? I.e. if
>>>> you launch a regular docker or lxd container, the image doesn't do a
>>>> bind mount of a shared image, it layers something above it or does a
>>>> copy. What setups do you know of where multiple containers in
>>>> different
>>>> user namespaces mount the same filesystem shared and writeable?
>>> I think I have something now that accomodates userns access to
>>> security.capability:
>>>
>>> https://github.com/stefanberger/linux/commits/xattr_for_userns
>> Thanks!
>>
>>> Encoding of uid is in the attribute name now as follows:
>>> security.foo(a)uid=<uid>
>>>
>>> 1) The 'plain' security.capability is only r/w accessible from the
>>> host (init_user_ns).
>>> 2) When userns reads/writes 'security.capability' it will read/write
>>> security.capability(a)uid=<uid> instead, with uid being the uid of
>>> root , e.g. 1000.
>>> 3) When listing xattrs for userns the host's security.capability is
>>> filtered out to avoid read failures iof 'security.capability' if
>>> security.capability(a)uid=<uid> is read but not there. (see 1) and 2))
>>> 4) security.capability* may all be read from anywhere
>>> 5) security.capability(a)uid=<uid> may be read or written directly
>>> from a userns if <uid> matches the uid of root (current_uid())
>> This looks very close to what we want. One exception - we do want
>> to support root in a user namespace being able to write
>> security.capability(a)uid=<x> where <x> is a valid uid mapped in its
>> namespace. In that case the name should be rewritten to be
>> security.capability(a)uid=<y> where y is the unmapped kuid.val.
>
> I'll try to write a patch on top of the existing one.
Did that now in a 2nd patch (that also fixes a few problems of the 1st).
In a user ns mapped to 1000 root can write security.capability(a)uid=123,
which then ends up writing to security.capability(a)uid=1123. The reading
also works with @uid=123. When listing xattrs only those get shown that
actually have valid mappings.
https://github.com/stefanberger/linux/commits/xattr_for_userns
Stefan
next prev parent reply other threads:[~2017-06-19 13:05 UTC|newest]
Thread overview: 97+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-07 9:21 64fa03de33: BUG:Dentry_still_in_use kernel test robot
2017-05-07 9:21 ` kernel test robot
2017-05-07 9:21 ` kernel test robot
[not found] ` <20170507092105.GA67584-aQzoWfPLU1itqXYlAKuG4QC/G2K4zDHf@public.gmane.org>
2017-05-08 4:44 ` Serge E. Hallyn
2017-05-08 4:44 ` Serge E. Hallyn
[not found] ` <20170508044408.GA11400-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-05-08 11:47 ` Masami Ichikawa
2017-05-08 11:47 ` Masami Ichikawa
2017-05-08 15:49 ` Serge E. Hallyn
[not found] ` <CACOXgS9a=avAWZEre1Q1CGjSHeq78Pkq1fYfwPjiyEX-u=B5wQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-05-08 15:49 ` Serge E. Hallyn
2017-05-08 18:11 ` [PATCH v4] Introduce v3 namespaced file capabilities Serge E. Hallyn
2017-05-08 18:11 ` Serge E. Hallyn
[not found] ` <20170508181156.GA23112-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-05-09 16:55 ` Eric W. Biederman
2017-05-09 16:55 ` Eric W. Biederman
2017-05-09 16:55 ` Eric W. Biederman
[not found] ` <87a86mvuko.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-05-09 20:37 ` Serge E. Hallyn
2017-05-09 20:37 ` Serge E. Hallyn
[not found] ` <20170509203736.GB14900-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-05-09 22:27 ` Eric W. Biederman
2017-05-09 22:27 ` Eric W. Biederman
2017-05-09 22:27 ` Eric W. Biederman
2017-06-13 15:47 ` Stefan Berger
2017-06-13 15:47 ` Stefan Berger
2017-06-13 15:47 ` Stefan Berger
2017-06-13 17:14 ` Tycho Andersen
2017-06-13 17:42 ` Stefan Berger
2017-06-13 17:42 ` Stefan Berger
2017-06-13 17:42 ` Stefan Berger
[not found] ` <f7c51332-e405-f337-3938-ad93bab8f50d-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-13 20:51 ` Tycho Andersen via Containers
2017-06-13 20:51 ` Tycho Andersen
2017-06-13 17:45 ` James Bottomley
2017-06-13 17:45 ` James Bottomley
2017-06-13 17:45 ` James Bottomley
2017-06-13 20:46 ` Tycho Andersen
2017-06-13 20:49 ` Stefan Berger
2017-06-13 20:49 ` Stefan Berger
2017-06-13 20:49 ` Stefan Berger
2017-06-13 20:53 ` Tycho Andersen
2017-06-13 20:58 ` Stefan Berger
2017-06-13 20:58 ` Stefan Berger
2017-06-13 20:58 ` Stefan Berger
2017-06-13 20:59 ` Mimi Zohar
2017-06-13 20:59 ` Mimi Zohar
[not found] ` <1497387570.21594.427.camel-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-13 21:09 ` Tycho Andersen via Containers
2017-06-13 21:09 ` Tycho Andersen
2017-06-13 20:59 ` Mimi Zohar
[not found] ` <8933bf11-7ca2-fa12-8d51-46d94d94a182-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-13 20:53 ` Tycho Andersen via Containers
[not found] ` <1497375902.7379.25.camel-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>
2017-06-13 20:46 ` Tycho Andersen via Containers
2017-06-13 17:18 ` Serge E. Hallyn
2017-06-13 18:12 ` Stefan Berger
2017-06-13 18:12 ` Stefan Berger
2017-06-13 23:55 ` Serge E. Hallyn
[not found] ` <20170613235521.GC15685-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-14 12:27 ` Stefan Berger
2017-06-14 12:27 ` Stefan Berger
2017-06-14 12:27 ` Stefan Berger
[not found] ` <ce471b11-e76a-25f3-eae8-eca30e7233af-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-15 3:05 ` Serge E. Hallyn
2017-06-15 3:05 ` Serge E. Hallyn
2017-06-16 9:02 ` Christian Brauner
[not found] ` <20170615030543.GA8979-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-16 9:02 ` Christian Brauner
2017-06-16 22:24 ` Stefan Berger
2017-06-16 22:24 ` Stefan Berger
2017-06-16 22:24 ` Stefan Berger
2017-06-17 20:56 ` Stefan Berger
2017-06-17 20:56 ` Stefan Berger
2017-06-17 20:56 ` Stefan Berger
[not found] ` <f0df1914-bca2-31a0-cdba-df30d85d70b3-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-18 22:14 ` Serge E. Hallyn
2017-06-18 22:14 ` Serge E. Hallyn
[not found] ` <20170618221418.GA364-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-19 1:13 ` Stefan Berger
2017-06-19 1:13 ` Stefan Berger
2017-06-19 1:13 ` Stefan Berger
[not found] ` <e9720595-2cdc-4dd7-57e7-95b85896d4ac-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-19 13:05 ` Stefan Berger [this message]
2017-06-19 13:05 ` Stefan Berger
2017-06-19 13:05 ` Stefan Berger
2017-06-20 6:23 ` Serge E. Hallyn
2017-06-20 6:23 ` Serge E. Hallyn
2017-06-19 21:34 ` Eric W. Biederman
2017-06-19 21:34 ` Eric W. Biederman
2017-06-19 21:34 ` Eric W. Biederman
2017-06-20 5:42 ` Amir Goldstein
[not found] ` <CAOQ4uxhi5fezF7e9FpS=hHUb1LqzyCNq9BcG14RV_Srj1hS-Vw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-06-20 12:19 ` Stefan Berger
2017-06-20 12:19 ` Stefan Berger
2017-06-20 12:19 ` Stefan Berger
[not found] ` <645d3a5e-4b76-cc90-50d6-4a7a7c3b678c-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-20 17:33 ` Stefan Berger
2017-06-20 17:33 ` Stefan Berger
2017-06-20 17:33 ` Stefan Berger
[not found] ` <87dfaf3b-f466-9831-1c76-32d4cabd8cf6-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-20 19:56 ` Amir Goldstein
2017-06-20 19:56 ` Amir Goldstein
2017-06-20 19:57 ` Vivek Goyal
2017-06-20 19:57 ` Vivek Goyal
2017-06-20 19:57 ` Vivek Goyal
[not found] ` <87tw3boe5d.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-06-20 5:42 ` Amir Goldstein
[not found] ` <74e490f3-3c47-abfa-86ae-0fa0d1ddb43a-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-13 23:55 ` Serge E. Hallyn
[not found] ` <20170613171818.GA9070-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-13 18:12 ` Stefan Berger
[not found] ` <9f80188c-df03-066a-5dac-785cc711d064-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-06-13 17:14 ` Tycho Andersen via Containers
2017-06-13 17:18 ` Serge E. Hallyn
2017-06-13 23:42 ` Serge E. Hallyn
2017-06-13 23:42 ` Serge E. Hallyn
[not found] ` <20170613234214.GA15685-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-06-13 23:50 ` Serge E. Hallyn
2017-06-13 23:50 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=150d96e7-0cc3-f12e-15f2-6987e571f541@linux.vnet.ibm.com \
--to=stefanb-23vcf4htsmix0ybbhkvfkdbpr1lh4cv8@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=lkp-JC7UmRfGjtg@public.gmane.org \
--cc=serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org \
--cc=xiaolong.ye-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.