From: "Serge E. Hallyn" <serge@hallyn.com> To: "Eric W. Biederman" <ebiederm@xmission.com> Cc: "Serge E. Hallyn" <serge@hallyn.com>, Stefan Berger <stefanb@linux.vnet.ibm.com>, containers@lists.linux-foundation.org, lkp@01.org, linux-kernel@vger.kernel.org, zohar@linux.vnet.ibm.com, tycho@docker.com, James.Bottomley@HansenPartnership.com, vgoyal@redhat.com, christian.brauner@mailbox.org, amir73il@gmail.com, linux-security-module@vger.kernel.org, casey@schaufler-ca.com Subject: Re: [PATCH v2] xattr: Enable security.capability in user namespaces Date: Wed, 12 Jul 2017 19:43:44 -0500 [thread overview] Message-ID: <20170713004344.GA23272@mail.hallyn.com> (raw) In-Reply-To: <877ezdgsey.fsf@xmission.com> Quoting Eric W. Biederman (ebiederm@xmission.com): > "Serge E. Hallyn" <serge@hallyn.com> writes: > > > Quoting Eric W. Biederman (ebiederm@xmission.com): > >> Stefan Berger <"Stefan Bergerstefanb"@linux.vnet.ibm.com> writes: > >> > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> > >> > Signed-off-by: Serge Hallyn <serge@hallyn.com> > >> > Reviewed-by: Serge Hallyn <serge@hallyn.com> > >> > >> It doesn't look like this is coming through Serge so I don't see how > >> the Signed-off-by tag is legtimate. > > > > This is mostly explained by the fact that there have been a *lot* of > > changes, many of them discussed in private emails. > > > >> >From the replies to this it doesn't look like Serge has reviewed this > >> version either. > >> > >> I am disappointed that all of my concerns about technical feasibility > >> remain unaddressed. > > > > Can you re-state those, or give a link to them? > > Well I only posted about one substantive comment on the last round > so it should be easy to find that said. Ok so you are likely referring to http://lkml.org/lkml/2017/6/23/551 , thanks. I had actually read that differently when you sent it, and thought it was more to do with the suggestion of putting the nsid tags in the middle of the xattr name versus putting it on the end. As far as that is concerned, note that no other tags besides uid= are currently supported, and only security.capability is being namespaced. > The big question is how does this intereact with filesystems > xattr implementations? > > There is the potential that we create many more security xattrs this > way. How does that scale? With more names etc. > What happens if we have one xattr per uid for 1000+ uids? Well, that's not the intent here. The goal is *not* to make one fs image that satisfies 200k possible uid mappings. The goal is to reconcile the support for an unprivileged user to set uid agnostic (within the container) file capabilities with the uid namespace's design goals - namely root in a container is privileged over the container but completely unprivileged wrt the host. This is in part why in my previous version I only allowed a single namespaced fscap. But I don't think that we have to enforce a single fscap - I think it's fair to tell users "go ahead and shoot yourself in the foot" performance-wise, if they insist on doing this. The goal of now putting the root kuid in the name is not to support multiple containers, but to have common code supporting security.capability and security.ima, and maybe a few more. > How does this interact with filesystems optimization of xattr names? > For some filesystems they optmize the xattr names, and don't store the > entire thing. This I have no idea on. Stefan, have you looked at this? > > I'd really like to get to a point where unprivileged containers can start > > using filecaps - at this point if that means having an extra temporary > > file format based on my earlier patchset while we hash this out, that > > actually seems worthwhile. But it would of course be ideal if we could > > do the name based caps right in the first place. > > This whole new version has set my review back to square one > unfortunately. Well it is a whole new approach and whole new patch, so of course that's to be expected :( -serge
WARNING: multiple messages have this Message-ID (diff)
From: serge@hallyn.com (Serge E. Hallyn) To: linux-security-module@vger.kernel.org Subject: [PATCH v2] xattr: Enable security.capability in user namespaces Date: Wed, 12 Jul 2017 19:43:44 -0500 [thread overview] Message-ID: <20170713004344.GA23272@mail.hallyn.com> (raw) In-Reply-To: <877ezdgsey.fsf@xmission.com> Quoting Eric W. Biederman (ebiederm at xmission.com): > "Serge E. Hallyn" <serge@hallyn.com> writes: > > > Quoting Eric W. Biederman (ebiederm at xmission.com): > >> Stefan Berger <"Stefan Bergerstefanb"@linux.vnet.ibm.com> writes: > >> > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> > >> > Signed-off-by: Serge Hallyn <serge@hallyn.com> > >> > Reviewed-by: Serge Hallyn <serge@hallyn.com> > >> > >> It doesn't look like this is coming through Serge so I don't see how > >> the Signed-off-by tag is legtimate. > > > > This is mostly explained by the fact that there have been a *lot* of > > changes, many of them discussed in private emails. > > > >> >From the replies to this it doesn't look like Serge has reviewed this > >> version either. > >> > >> I am disappointed that all of my concerns about technical feasibility > >> remain unaddressed. > > > > Can you re-state those, or give a link to them? > > Well I only posted about one substantive comment on the last round > so it should be easy to find that said. Ok so you are likely referring to http://lkml.org/lkml/2017/6/23/551 , thanks. I had actually read that differently when you sent it, and thought it was more to do with the suggestion of putting the nsid tags in the middle of the xattr name versus putting it on the end. As far as that is concerned, note that no other tags besides uid= are currently supported, and only security.capability is being namespaced. > The big question is how does this intereact with filesystems > xattr implementations? > > There is the potential that we create many more security xattrs this > way. How does that scale? With more names etc. > What happens if we have one xattr per uid for 1000+ uids? Well, that's not the intent here. The goal is *not* to make one fs image that satisfies 200k possible uid mappings. The goal is to reconcile the support for an unprivileged user to set uid agnostic (within the container) file capabilities with the uid namespace's design goals - namely root in a container is privileged over the container but completely unprivileged wrt the host. This is in part why in my previous version I only allowed a single namespaced fscap. But I don't think that we have to enforce a single fscap - I think it's fair to tell users "go ahead and shoot yourself in the foot" performance-wise, if they insist on doing this. The goal of now putting the root kuid in the name is not to support multiple containers, but to have common code supporting security.capability and security.ima, and maybe a few more. > How does this interact with filesystems optimization of xattr names? > For some filesystems they optmize the xattr names, and don't store the > entire thing. This I have no idea on. Stefan, have you looked at this? > > I'd really like to get to a point where unprivileged containers can start > > using filecaps - at this point if that means having an extra temporary > > file format based on my earlier patchset while we hash this out, that > > actually seems worthwhile. But it would of course be ideal if we could > > do the name based caps right in the first place. > > This whole new version has set my review back to square one > unfortunately. Well it is a whole new approach and whole new patch, so of course that's to be expected :( -serge -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-07-13 0:43 UTC|newest] Thread overview: 288+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-07-11 15:05 [PATCH v2] Enable namespaced file capabilities Stefan Berger 2017-07-11 15:05 ` Stefan Berger [not found] ` <1499785511-17192-1-git-send-email-stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-11 15:05 ` [PATCH v2] xattr: Enable security.capability in user namespaces Stefan Berger 2017-07-11 15:05 ` Stefan Berger 2017-07-11 17:12 ` Serge E. Hallyn 2017-07-11 17:12 ` Serge E. Hallyn 2017-07-12 0:15 ` Stefan Berger 2017-07-12 0:15 ` Stefan Berger 2017-07-12 0:15 ` Stefan Berger 2017-07-12 0:47 ` Serge E. Hallyn 2017-07-12 0:47 ` Serge E. Hallyn [not found] ` <ca6e0001-6aeb-74dc-ab91-44aed3b7d128-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-12 0:47 ` Serge E. Hallyn [not found] ` <20170711171222.GB31603-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org> 2017-07-12 0:15 ` Stefan Berger 2017-07-12 3:45 ` Serge E. Hallyn 2017-07-12 3:45 ` Serge E. Hallyn [not found] ` <20170712034503.GA8270-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org> 2017-07-12 11:35 ` Stefan Berger 2017-07-12 11:35 ` Stefan Berger 2017-07-12 11:35 ` Stefan Berger 2017-07-12 11:35 ` Stefan Berger [not found] ` <8c3e8c6f-52c5-5b04-8cad-1aeae25f0ec6-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-12 17:32 ` Serge E. Hallyn 2017-07-12 17:32 ` Serge E. Hallyn 2017-07-12 17:32 ` Serge E. Hallyn 2017-07-12 7:59 ` James Morris 2017-07-12 7:59 ` James Morris 2017-07-12 7:59 ` James Morris 2017-07-12 13:25 ` Eric W. Biederman 2017-07-12 13:25 ` Eric W. Biederman 2017-07-12 13:25 ` Eric W. Biederman [not found] ` <87mv89iy7q.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> 2017-07-12 17:03 ` Serge E. Hallyn 2017-07-12 17:03 ` Serge E. Hallyn 2017-07-12 17:03 ` Serge E. Hallyn [not found] ` <20170712170346.GA17974-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org> 2017-07-12 22:20 ` James Morris 2017-07-12 22:20 ` James Morris 2017-07-12 22:20 ` James Morris 2017-07-12 22:20 ` James Morris [not found] ` <alpine.LRH.2.20.1707130820050.16810-gx6/JNMH7DfYtjvyW6yDsg@public.gmane.org> 2017-07-13 0:33 ` Eric W. Biederman 2017-07-13 0:33 ` Eric W. Biederman 2017-07-13 0:33 ` Eric W. Biederman 2017-07-13 0:33 ` Eric W. Biederman [not found] ` <87o9spfa5v.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> 2017-07-13 1:01 ` Serge E. Hallyn 2017-07-13 1:01 ` Serge E. Hallyn 2017-07-13 1:01 ` Serge E. Hallyn 2017-07-12 23:13 ` Eric W. Biederman 2017-07-12 23:13 ` Eric W. Biederman 2017-07-12 23:13 ` Eric W. Biederman 2017-07-12 23:13 ` Eric W. Biederman 2017-07-13 0:43 ` Serge E. Hallyn [this message] 2017-07-13 0:43 ` Serge E. Hallyn [not found] ` <877ezdgsey.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> 2017-07-13 0:43 ` Serge E. Hallyn 2017-07-13 0:44 ` Stefan Berger 2017-07-13 0:44 ` Stefan Berger 2017-07-13 0:44 ` Stefan Berger 2017-07-13 0:44 ` Stefan Berger [not found] ` <74664cc8-bc3e-75d6-5892-f8934404349f-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-13 1:15 ` Theodore Ts'o 2017-07-13 1:15 ` Theodore Ts'o 2017-07-13 1:15 ` Theodore Ts'o 2017-07-13 1:15 ` Theodore Ts'o [not found] ` <20170713011554.xwmrgkzfwnibvgcu-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org> 2017-07-13 2:34 ` Serge E. Hallyn 2017-07-13 2:34 ` Serge E. Hallyn 2017-07-13 2:34 ` Serge E. Hallyn 2017-07-13 12:11 ` Eric W. Biederman 2017-07-13 12:11 ` Eric W. Biederman 2017-07-13 12:11 ` Eric W. Biederman 2017-07-13 12:11 ` Eric W. Biederman [not found] ` <87y3rscz9j.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> 2017-07-13 16:40 ` Theodore Ts'o 2017-07-13 16:40 ` Theodore Ts'o 2017-07-13 16:40 ` Theodore Ts'o 2017-07-13 16:40 ` Theodore Ts'o 2017-07-13 17:05 ` Stefan Berger 2017-07-13 17:05 ` Stefan Berger 2017-07-13 17:05 ` Stefan Berger 2017-07-13 17:39 ` Eric W. Biederman 2017-07-13 17:39 ` Eric W. Biederman 2017-07-13 17:39 ` Eric W. Biederman [not found] ` <8760ew9qyp.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> 2017-07-13 19:14 ` Theodore Ts'o 2017-07-13 19:14 ` Theodore Ts'o 2017-07-13 19:14 ` Theodore Ts'o 2017-07-13 19:14 ` Theodore Ts'o [not found] ` <20170713191429.vfaetqscxd7hniwq-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org> 2017-07-13 19:41 ` Serge E. Hallyn 2017-07-13 19:41 ` Serge E. Hallyn 2017-07-13 19:41 ` Serge E. Hallyn 2017-07-13 21:17 ` Serge E. Hallyn 2017-07-13 21:17 ` Serge E. Hallyn 2017-07-13 21:17 ` Serge E. Hallyn [not found] ` <29fdda5e-ed4a-bcda-e3cc-c06ab87973ce-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-13 17:39 ` Eric W. Biederman 2017-07-18 7:01 ` James Morris 2017-07-18 7:01 ` James Morris 2017-07-18 7:01 ` James Morris 2017-07-18 7:01 ` James Morris [not found] ` <alpine.LRH.2.20.1707181659030.5209-gx6/JNMH7DfYtjvyW6yDsg@public.gmane.org> 2017-07-18 12:12 ` Stefan Berger 2017-07-18 12:12 ` Stefan Berger 2017-07-18 12:12 ` Stefan Berger 2017-07-18 12:12 ` Stefan Berger [not found] ` <aae67245-4c9c-f79e-b821-40753e732f65-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-18 13:26 ` Eric W. Biederman 2017-07-18 13:26 ` Eric W. Biederman 2017-07-18 13:26 ` Eric W. Biederman 2017-07-18 13:26 ` Eric W. Biederman 2017-07-18 23:13 ` Serge E. Hallyn 2017-07-18 23:13 ` Serge E. Hallyn [not found] ` <871spdj2pe.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> 2017-07-18 23:13 ` Serge E. Hallyn 2017-07-13 17:14 ` Eric W. Biederman 2017-07-13 17:14 ` Eric W. Biederman 2017-07-13 17:14 ` Eric W. Biederman 2017-07-13 17:33 ` Stefan Berger 2017-07-13 17:33 ` Stefan Berger 2017-07-13 17:33 ` Stefan Berger [not found] ` <847ccb2a-30c0-a94c-df6f-091c8901eaa0-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-13 17:49 ` Eric W. Biederman 2017-07-13 17:49 ` Eric W. Biederman 2017-07-13 17:49 ` Eric W. Biederman 2017-07-13 17:49 ` Eric W. Biederman 2017-07-13 19:48 ` Serge E. Hallyn 2017-07-13 19:48 ` Serge E. Hallyn 2017-07-13 21:12 ` Eric W. Biederman 2017-07-13 21:12 ` Eric W. Biederman 2017-07-13 21:12 ` Eric W. Biederman [not found] ` <20170713194842.GB4895-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org> 2017-07-13 21:12 ` Eric W. Biederman [not found] ` <87bmoo8bxb.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> 2017-07-13 19:48 ` Serge E. Hallyn 2017-07-13 21:35 ` Stefan Berger 2017-07-13 21:35 ` Stefan Berger [not found] ` <9a3010e5-ca2b-5e7a-656b-fcc14f7bec4e-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-14 0:38 ` Eric W. Biederman 2017-07-14 0:38 ` Eric W. Biederman 2017-07-14 0:38 ` Eric W. Biederman 2017-07-14 0:38 ` Eric W. Biederman [not found] ` <87h8yf7szd.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> 2017-07-14 11:32 ` Stefan Berger 2017-07-14 11:32 ` Stefan Berger 2017-07-14 11:32 ` Stefan Berger 2017-07-14 11:32 ` Stefan Berger 2017-07-14 13:34 ` Serge E. Hallyn 2017-07-14 13:34 ` Serge E. Hallyn 2017-07-14 15:22 ` Stefan Berger 2017-07-14 15:22 ` Stefan Berger 2017-07-14 15:22 ` Stefan Berger 2017-07-14 17:35 ` Serge E. Hallyn 2017-07-14 17:35 ` Serge E. Hallyn 2017-07-14 18:17 ` Eric W. Biederman 2017-07-14 18:17 ` Eric W. Biederman 2017-07-14 18:17 ` Eric W. Biederman [not found] ` <20170714173556.GA19669-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org> 2017-07-14 18:17 ` Eric W. Biederman 2017-07-14 18:48 ` Mimi Zohar 2017-07-14 18:48 ` Mimi Zohar 2017-07-14 18:48 ` Mimi Zohar 2017-07-14 18:48 ` Mimi Zohar 2017-07-14 18:52 ` James Bottomley 2017-07-14 18:52 ` James Bottomley 2017-07-14 18:52 ` James Bottomley [not found] ` <1500058362.2853.28.camel-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org> 2017-07-14 20:03 ` Mimi Zohar 2017-07-14 20:03 ` Mimi Zohar 2017-07-14 20:03 ` Mimi Zohar 2017-07-14 20:03 ` Mimi Zohar [not found] ` <1500062619.3583.71.camel-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-14 20:39 ` James Bottomley 2017-07-14 20:39 ` James Bottomley 2017-07-14 20:39 ` James Bottomley 2017-07-14 20:39 ` James Bottomley 2017-07-14 21:34 ` Theodore Ts'o 2017-07-14 21:34 ` Theodore Ts'o 2017-07-14 21:34 ` Theodore Ts'o 2017-07-14 23:22 ` Eric W. Biederman 2017-07-14 23:22 ` Eric W. Biederman 2017-07-14 23:22 ` Eric W. Biederman [not found] ` <20170714213449.gtxtkqtxifk5j4wp-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org> 2017-07-14 23:22 ` Eric W. Biederman 2017-07-14 23:29 ` Mimi Zohar 2017-07-14 23:29 ` Mimi Zohar 2017-07-14 23:29 ` Mimi Zohar 2017-07-14 23:53 ` Eric W. Biederman 2017-07-14 23:53 ` Eric W. Biederman 2017-07-14 23:53 ` Eric W. Biederman [not found] ` <1500064799.2853.36.camel-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org> 2017-07-14 21:34 ` Theodore Ts'o 2017-07-14 23:29 ` Mimi Zohar 2017-07-14 23:53 ` Eric W. Biederman [not found] ` <1500058090.3583.28.camel-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-14 18:52 ` James Bottomley 2017-07-14 19:29 ` Theodore Ts'o 2017-07-14 19:29 ` Theodore Ts'o 2017-07-14 19:29 ` Theodore Ts'o 2017-07-14 19:29 ` Theodore Ts'o [not found] ` <20170714192909.zoxnlm32nrxguqao-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org> 2017-07-14 19:43 ` Mimi Zohar 2017-07-14 19:43 ` Mimi Zohar 2017-07-14 19:43 ` Mimi Zohar 2017-07-14 19:43 ` Mimi Zohar [not found] ` <xagsmtp2.20170714182525.6604@vmsdvm4.vnet.ibm.com> [not found] ` <xagsmtp2.20170714182525.6604-SsZeXQfhYdoOFdY8m0e24VaTQe2KTcn/@public.gmane.org> 2017-07-14 19:26 ` Mimi Zohar 2017-07-14 19:26 ` Mimi Zohar 2017-07-14 19:26 ` Mimi Zohar 2017-07-14 19:26 ` Mimi Zohar 2017-07-15 0:02 ` Eric W. Biederman 2017-07-15 0:02 ` Eric W. Biederman 2017-07-15 0:02 ` Eric W. Biederman [not found] ` <1500060374.3583.57.camel-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-15 0:02 ` Eric W. Biederman 2017-07-26 3:00 ` Serge E. Hallyn 2017-07-26 3:00 ` Serge E. Hallyn 2017-07-26 3:00 ` Serge E. Hallyn 2017-07-26 13:57 ` Mimi Zohar 2017-07-26 13:57 ` Mimi Zohar 2017-07-26 13:57 ` Mimi Zohar [not found] ` <20170726030007.GA10087-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org> 2017-07-26 13:57 ` Mimi Zohar [not found] ` <xagsmtp3.20170715001054.9173@uk1vsc.vnet.ibm.com> [not found] ` <xagsmtp3.20170715001054.9173-17CmTKLGOXFpnrxNGchxj0EOCMrvLtNR@public.gmane.org> 2017-07-16 11:25 ` Mimi Zohar 2017-07-16 11:25 ` Mimi Zohar 2017-07-16 11:25 ` Mimi Zohar 2017-07-16 11:25 ` Mimi Zohar [not found] ` <596f808b-e21d-8296-5fef-23c1ce7ab778-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-14 17:35 ` Serge E. Hallyn 2017-07-14 17:36 ` Eric W. Biederman 2017-07-14 17:36 ` Eric W. Biederman 2017-07-14 17:36 ` Eric W. Biederman 2017-07-14 17:36 ` Eric W. Biederman [not found] ` <87pod22a4x.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> 2017-07-14 19:22 ` Stefan Berger 2017-07-14 19:22 ` Stefan Berger 2017-07-14 19:22 ` Stefan Berger 2017-07-14 19:22 ` Stefan Berger [not found] ` <20170714133437.GA16737-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org> 2017-07-14 15:22 ` Stefan Berger [not found] ` <65dbe654-0d99-03fa-c838-5a726b462826-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-14 12:04 ` Eric W. Biederman 2017-07-14 12:04 ` Eric W. Biederman 2017-07-14 12:04 ` Eric W. Biederman 2017-07-14 12:04 ` Eric W. Biederman [not found] ` <87vamv2pj0.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> 2017-07-14 12:39 ` Stefan Berger 2017-07-14 12:39 ` Stefan Berger 2017-07-14 12:39 ` Stefan Berger 2017-07-14 12:39 ` Stefan Berger 2017-07-14 13:34 ` Serge E. Hallyn 2017-07-13 21:21 ` Serge E. Hallyn 2017-07-13 21:21 ` Serge E. Hallyn 2017-07-13 21:21 ` Serge E. Hallyn [not found] ` <87k23cb6os.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> 2017-07-13 17:33 ` Stefan Berger [not found] ` <20170713164012.brj2flnkaaks2oci-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org> 2017-07-13 17:05 ` Stefan Berger 2017-07-13 17:14 ` Eric W. Biederman 2017-07-13 21:13 ` Serge E. Hallyn 2017-07-13 21:13 ` Serge E. Hallyn 2017-07-13 21:13 ` Serge E. Hallyn [not found] ` <1499785511-17192-2-git-send-email-stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-11 17:12 ` Serge E. Hallyn 2017-07-12 3:45 ` Serge E. Hallyn 2017-07-12 7:59 ` James Morris 2017-07-12 13:25 ` Eric W. Biederman 2017-07-12 17:53 ` Vivek Goyal 2017-07-12 17:53 ` Vivek Goyal 2017-07-12 17:53 ` Vivek Goyal 2017-07-12 17:53 ` Vivek Goyal 2017-07-12 19:19 ` Stefan Berger 2017-07-12 19:19 ` Stefan Berger 2017-07-12 19:19 ` Stefan Berger [not found] ` <20170712175357.GA32609-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2017-07-12 19:19 ` Stefan Berger 2017-07-14 23:41 ` Eric W. Biederman 2017-07-17 18:58 ` Vivek Goyal 2017-07-17 18:58 ` Vivek Goyal 2017-07-17 18:58 ` Vivek Goyal 2017-07-17 18:58 ` Vivek Goyal [not found] ` <20170717185811.GC15794-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2017-07-17 20:50 ` Stefan Berger 2017-07-17 20:50 ` Stefan Berger 2017-07-17 20:50 ` Stefan Berger 2017-07-17 20:50 ` Stefan Berger [not found] ` <7a39e8a6-a33b-f6a8-3fd5-6211c075ab91-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-18 11:48 ` Vivek Goyal 2017-07-18 11:48 ` Vivek Goyal 2017-07-18 11:48 ` Vivek Goyal 2017-07-18 11:48 ` Vivek Goyal 2017-07-18 12:05 ` Stefan Berger 2017-07-18 12:05 ` Stefan Berger 2017-07-18 12:05 ` Stefan Berger 2017-07-18 12:30 ` Vivek Goyal 2017-07-18 12:30 ` Vivek Goyal 2017-07-18 12:30 ` Vivek Goyal 2017-07-18 12:36 ` Vivek Goyal 2017-07-18 12:36 ` Vivek Goyal 2017-07-18 12:36 ` Vivek Goyal [not found] ` <20170718123603.GC8233-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2017-07-18 13:29 ` Eric W. Biederman 2017-07-18 13:29 ` Eric W. Biederman 2017-07-18 13:29 ` Eric W. Biederman 2017-07-18 13:29 ` Eric W. Biederman 2017-07-18 13:21 ` Stefan Berger 2017-07-18 13:21 ` Stefan Berger 2017-07-18 13:21 ` Stefan Berger [not found] ` <cc515ca0-c5fa-412f-3f57-a41178b060a9-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-18 14:57 ` Vivek Goyal 2017-07-18 14:57 ` Vivek Goyal 2017-07-18 14:57 ` Vivek Goyal 2017-07-18 14:57 ` Vivek Goyal [not found] ` <20170718145716.GA25494-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2017-07-18 16:11 ` Stefan Berger 2017-07-18 16:11 ` Stefan Berger 2017-07-18 16:11 ` Stefan Berger 2017-07-18 16:11 ` Stefan Berger [not found] ` <20170718123009.GB8233-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2017-07-18 12:36 ` Vivek Goyal 2017-07-18 13:21 ` Stefan Berger [not found] ` <55971eea-fde2-439a-2fe5-d0ae5e80bc22-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 2017-07-18 12:30 ` Vivek Goyal [not found] ` <20170718114849.GA8233-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2017-07-18 12:05 ` Stefan Berger 2017-07-20 1:05 ` [lkp-robot] [xattr] 3f3bf5920d: ltp.userns06.fail kernel test robot 2017-07-20 1:05 ` kernel test robot 2017-07-20 1:05 ` [LTP] " kernel test robot 2017-07-14 23:41 ` [PATCH v2] xattr: Enable security.capability in user namespaces Eric W. Biederman 2017-07-14 23:41 ` Eric W. Biederman 2017-07-14 23:41 ` Eric W. Biederman [not found] ` <87d192si18.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> 2017-07-15 21:27 ` Stefan Berger 2017-07-15 21:27 ` Stefan Berger 2017-07-15 21:27 ` Stefan Berger 2017-07-15 21:27 ` Stefan Berger
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20170713004344.GA23272@mail.hallyn.com \ --to=serge@hallyn.com \ --cc=James.Bottomley@HansenPartnership.com \ --cc=amir73il@gmail.com \ --cc=casey@schaufler-ca.com \ --cc=christian.brauner@mailbox.org \ --cc=containers@lists.linux-foundation.org \ --cc=ebiederm@xmission.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=lkp@01.org \ --cc=stefanb@linux.vnet.ibm.com \ --cc=tycho@docker.com \ --cc=vgoyal@redhat.com \ --cc=zohar@linux.vnet.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.