has CAP_SYS_ADMIN.
All callers of lookup_bdev() currently pass a mask of 0, so this
patch results in no functional change. Subsequent patches will
add permission checks where appropriate.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
drivers/md/bcache/super.c | 2 +-
drivers
and SMACK64MMAP
access is denied if the label does not match smk_root. To be
consistent with suid, a SMACK64EXEC label which does not match
smk_root will still allow execution of the file but will not run
with the label supplied in the xattr.
Signed-off-by: Seth Forshee <seth.fors...@canonical.
objects, but also allow the
policy writer to specify a different label through policy
transition rules.
Pieced together from code snippets provided by Stephen Smalley.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Stephen Smalley <s...@tycho.nsa.gov>
---
secu
mounts will
continue working as before.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
drivers/mtd/mtdsuper.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/mtdsuper.c b/drivers/mtd/mtdsuper.c
index b5b60e1af31c..5d7e7705fed8
little in the way of feedback, so changes
are minimal. I've made a trivial style change to the Smack changes at
Casey's request, and I've added Stephen's ack for the SELinux changes.
Thanks,
Seth
Andy Lutomirski (1):
fs: Treat foreign mounts as nosuid
Seth Forshee (6):
block_dev: Support
d have made CVE-2014-5207 much
more difficult to exploit.
Signed-off-by: Andy Lutomirski <l...@amacapital.net>
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/exec.c| 2 +-
fs/namespace.c | 13 +
include/linux/mount.h| 1 +
se
All current callers of in_userns pass current_user_ns as the
first argument. Simplify by replacing in_userns with
current_in_userns which checks whether current_user_ns is in the
namespace supplied as an argument.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/names
On Tue, Nov 17, 2015 at 05:55:06PM +, Al Viro wrote:
> On Tue, Nov 17, 2015 at 11:25:51AM -0600, Seth Forshee wrote:
>
> > Shortly after that I plan to follow with support for ext4. I've been
> > fuzzing ext4 for a while now and it has held up well, and I'm currently
&
On Thu, Oct 01, 2015 at 09:41:37AM -0500, Seth Forshee wrote:
> On Thu, Oct 01, 2015 at 09:40:52AM -0400, Mike Snitzer wrote:
> > On Thu, Oct 01 2015 at 8:55am -0400,
> > Seth Forshee <seth.fors...@canonical.com> wrote:
> >
> > > On Wed, Sep 30, 2015 at
On Wed, Oct 14, 2015 at 10:46:47PM -0700, Casey Schaufler wrote:
> On 10/13/2015 10:04 AM, Seth Forshee wrote:
> > The SMACK64, SMACK64EXEC, and SMACK64MMAP labels are all handled
> > differently in untrusted mounts. This is confusing and
> > potentically problematic. Chang
d have made CVE-2014-5207 much
more difficult to exploit.
Signed-off-by: Andy Lutomirski <l...@amacapital.net>
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/exec.c| 2 +-
fs/namespace.c | 13 +
include/linux/mount.h| 1 +
se
mounts will
continue working as before.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
drivers/mtd/mtdsuper.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/mtdsuper.c b/drivers/mtd/mtdsuper.c
index b5b60e1af31c..5d7e7705fed8
objects, but also allow the
policy writer to specify a different label through policy
transition rules.
Pieced together from code snippets provided by Stephen Smalley.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
security/selinux/hooks.c | 23 +++
1 file c
All current callers of in_userns pass current_user_ns as the
first argument. Simplify by replacing in_userns with
current_in_userns which checks whether current_user_ns is in the
namespace supplied as an argument.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/names
On Wed, Nov 18, 2015 at 02:58:18PM +, Al Viro wrote:
> On Wed, Nov 18, 2015 at 08:22:38AM -0600, Seth Forshee wrote:
>
> > But it still requires the admin set it up that way, no? And aren't
> > privileges required to set up those devices in the first place?
>
On Tue, Nov 17, 2015 at 02:02:09PM -0500, Austin S Hemmelgarn wrote:
> On 2015-11-17 12:55, Al Viro wrote:
> >On Tue, Nov 17, 2015 at 11:25:51AM -0600, Seth Forshee wrote:
> >
> >>Shortly after that I plan to follow with support for ext4. I've been
> >>fuzzing ext
On Wed, Nov 18, 2015 at 11:12:51AM +1100, James Morris wrote:
> On Tue, 17 Nov 2015, Seth Forshee wrote:
>
> > + sbsp = inode->i_sb->s_security;
> > + if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
>
> Where is SMK_SB_UNTRUSTED defined?
>
On Wed, Nov 18, 2015 at 02:10:45PM -0500, Theodore Ts'o wrote:
> On Tue, Nov 17, 2015 at 12:34:44PM -0600, Seth Forshee wrote:
> > On Tue, Nov 17, 2015 at 05:55:06PM +, Al Viro wrote:
> > > On Tue, Nov 17, 2015 at 11:25:51AM -0600, Seth Forshee wrote:
> > >
> &
-by: Seth Forshee <seth.fors...@canonical.com>
---
drivers/md/bcache/super.c | 2 +-
drivers/md/dm-table.c | 2 +-
drivers/mtd/mtdsuper.c| 6 +-
fs/block_dev.c| 18 +++---
fs/quota/quota.c | 2 +-
include/linux/fs.h| 2 +-
6 files chang
d have made CVE-2014-5207 much
more difficult to exploit.
Signed-off-by: Andy Lutomirski <l...@amacapital.net>
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/exec.c| 2 +-
fs/namespace.c | 13 +
include/linux/mount.h| 1 +
se
objects, but also allow the
policy writer to specify a different label through policy
transition rules.
Pieced together from code snippets provided by Stephen Smalley.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
security/selinux/hooks.c | 23 +++
1 file c
All current callers of in_userns pass current_user_ns as the
first argument. Simplify by replacing in_userns with
current_in_userns which checks whether current_user_ns is in the
namespace supplied as an argument.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/names
labels consistently.
Thanks,
Seth
Andy Lutomirski (1):
fs: Treat foreign mounts as nosuid
Seth Forshee (4):
fs: Verify access of user towards block device file when mounting
selinux: Add support for unprivileged mounts from user namespaces
userns: Replace in_userns with current_in_userns
and SMACK64MMAP
access is denied if the label does not match smk_root. To be
consistent with suid, a SMACK64EXEC label which does not match
smk_root will still allow execution of the file but will not run
with the label supplied in the xattr.
Signed-off-by: Seth Forshee <seth.fors...@canonical.
On Wed, Sep 30, 2015 at 07:42:15PM -0400, Mike Snitzer wrote:
> On Wed, Sep 30 2015 at 4:15pm -0400,
> Seth Forshee <seth.fors...@canonical.com> wrote:
>
> > When mounting a filesystem on a block device there is currently
> > no verification that the user has appropria
On Thu, Oct 01, 2015 at 10:40:08AM -0500, Eric W. Biederman wrote:
> Seth Forshee <seth.fors...@canonical.com> writes:
>
> > When mounting a filesystem on a block device there is currently
> > no verification that the user has appropriate access to the
> > device
and SMACK64MMAP
access is denied if the label does not match smk_root. To be
consistent with suid, a SMACK64EXEC label which does not match
smk_root will still allow execution of the file but will not run
with the label supplied in the xattr.
Signed-off-by: Seth Forshee <seth.fors...@canonical.
Expand the check in should_remove_suid() to keep privileges for
CAP_FSETID in s_user_ns rather than init_user_ns.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/inode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/inode.c b/fs/inode.c
ids in on-disk ACLs should be converted to s_user_ns instead of
init_user_ns as is done now. This introduces the possibility for
id mappings to fail, and when this happens syscalls will return
EOVERFLOW.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/posix
Using INVALID_[UG]ID for the LSM file creation context doesn't
make sense, so return an error if the inode passed to
set_create_file_as() has an invalid id.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
kernel/cred.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/
Add checks to inode_change_ok to verify that uid and gid changes
will map into the superblock's user namespace. If they do not
fail with -EOVERFLOW. This cannot be overriden with ATTR_FORCE.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/attr.c | 11 +++
1 file c
the filesystem.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: "Eric W. Biederman" <ebied...@xmission.com>
---
fs/namespace.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 18fc58760aec..b00a76
to be the same namespace as s_user_ns to maintain
behavior consistent with other filesystems which can be mounted
in user namespaces.
For cuse the namespace used for the connection is also simply
current_user_ns() at the time /dev/cuse is opened.
Signed-off-by: Seth Forshee <seth.f
the unprivileged user
the ability to manipulate processes it would otherwise be unable
to manipulate. Restrict allow_other to apply to users in the same
userns used at mount or a descendant of that namespace.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/fuse/dir.
objects, but also allow the
policy writer to specify a different label through policy
transition rules.
Pieced together from code snippets provided by Stephen Smalley.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Stephen Smalley <s...@tycho.nsa.gov>
Acked-by:
has CAP_SYS_ADMIN.
All callers of lookup_bdev() currently pass a mask of 0, so this
patch results in no functional change. Subsequent patches will
add permission checks where appropriate.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
drivers/md/bcache/super.c | 2 +-
drivers
privileged mounts will
continue working as before.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/block_dev.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 3ebbde85d898..4fdb6ab59816 100644
--- a/fs/block_dev.c
++
All current callers of in_userns pass current_user_ns as the
first argument. Simplify by replacing in_userns with
current_in_userns which checks whether current_user_ns is in the
namespace supplied as an argument.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: James
The mounter of a filesystem should be privileged towards the
inodes of that filesystem. Extend the checks in
inode_owner_or_capable() and capable_wrt_inode_uidgid() to
permit access by users priviliged in the user namespace of the
inode's superblock.
Signed-off-by: Seth Forshee <seth.f
On Wed, Dec 02, 2015 at 09:40:17AM -0600, Seth Forshee wrote:
> @@ -155,11 +155,22 @@ static ino_t fuse_squash_ino(u64 ino64)
> return ino;
> }
>
> -void fuse_change_attributes_common(struct inode *inode, struct fuse_attr
> *attr,
> -u
On Fri, Dec 04, 2015 at 11:27:38AM -0600, Serge E. Hallyn wrote:
> On Wed, Dec 02, 2015 at 09:40:09AM -0600, Seth Forshee wrote:
> > Add checks to inode_change_ok to verify that uid and gid changes
> > will map into the superblock's user namespace. If they do not
> >
On Fri, Dec 04, 2015 at 02:03:55PM -0600, Serge E. Hallyn wrote:
> Quoting Seth Forshee (seth.fors...@canonical.com):
> > Update fuse to translate uids and gids to/from the user namspace
> > of the process servicing requests on /dev/fuse. Any ids which do
> > not map into the
On Fri, Dec 04, 2015 at 02:05:41PM -0600, Serge E. Hallyn wrote:
> Quoting Seth Forshee (seth.fors...@canonical.com):
> > Unprivileged users are normally restricted from mounting with the
> > allow_other option by system policy, but this could be bypassed
> > for a mount don
On Fri, Dec 04, 2015 at 01:42:06PM -0600, Serge E. Hallyn wrote:
> Quoting Seth Forshee (seth.fors...@canonical.com):
> > A privileged user in a super block's s_user_ns is privileged
> > towards that file system and thus should be allowed to set file
> > capabilities.
; >
> > On Fri, Dec 04, 2015 at 01:11:43PM -0600, Serge E. Hallyn wrote:
> > > Quoting Seth Forshee (seth.fors...@canonical.com):
> > > > Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
> > >
> > > Acked-by: Serge Hallyn <serge.
On Fri, Dec 04, 2015 at 05:43:49PM -0600, Serge E. Hallyn wrote:
> On Fri, Dec 04, 2015 at 06:11:52PM -0500, Theodore Ts'o wrote:
> > On Fri, Dec 04, 2015 at 02:45:32PM -0600, Seth Forshee wrote:
> > > On Fri, Dec 04, 2015 at 02:07:36PM -0600, Serge E. Hallyn wrote:
> > >
the filesystem.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: "Eric W. Biederman" <ebied...@xmission.com>
Acked-by: Serge Hallyn <serge.hal...@canonical.com>
---
fs/namespace.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/
could be relaxed in the future if needed.
For cuse the namespace used for the connection is also simply
current_user_ns() at the time /dev/cuse is opened.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/fuse/cuse.c | 3 ++-
fs/fuse/dev.c| 13 -
fs/fuse/dir.c
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/fuse/inode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index b7bdfdac3521..2fd338c199ce 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -1201,7 +1201,7 @@
is safe in this respect as well.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Serge Hallyn <serge.hal...@canonical.com>
---
security/commoncap.c | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/security/commoncap.c b/security/commo
Expand the check in should_remove_suid() to keep privileges for
CAP_FSETID in s_user_ns rather than init_user_ns.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Serge Hallyn <serge.hal...@canonical.com>
---
fs/inode.c | 3 ++-
1 file changed, 2 insertions(+)
Add checks to inode_change_ok to verify that uid and gid changes
will map into the superblock's user namespace. If they do not
fail with -EOVERFLOW. This cannot be overriden with ATTR_FORCE.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Serge Hallyn <
ids in on-disk ACLs should be converted to s_user_ns instead of
init_user_ns as is done now. This introduces the possibility for
id mappings to fail, and when this happens syscalls will return
EOVERFLOW.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Serge Hallyn <
ted when protected
symlinks are enabled.
Add a new helper function, uid_valid_eq(), and use this to
validate that the ids in may_follow_link() are both equal and
valid. Also add an equivalent helper for gids, which is
currently unused.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com&
Using INVALID_[UG]ID for the LSM file creation context doesn't
make sense, so return an error if the inode passed to
set_create_file_as() has an invalid id.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Serge Hallyn <serge.hal...@canonical.com>
---
kernel/cred
All current callers of in_userns pass current_user_ns as the
first argument. Simplify by replacing in_userns with
current_in_userns which checks whether current_user_ns is in the
namespace supplied as an argument.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: James
and SMACK64MMAP
access is denied if the label does not match smk_root. To be
consistent with suid, a SMACK64EXEC label which does not match
smk_root will still allow execution of the file but will not run
with the label supplied in the xattr.
Signed-off-by: Seth Forshee <seth.fors...@canonical.
d have made CVE-2014-5207 much
more difficult to exploit.
Signed-off-by: Andy Lutomirski <l...@amacapital.net>
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: James Morris <james.l.mor...@oracle.com>
Acked-by: Serge Hallyn <serge.hal...@canonical.com>
---
objects, but also allow the
policy writer to specify a different label through policy
transition rules.
Pieced together from code snippets provided by Stephen Smalley.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Stephen Smalley <s...@tycho.nsa.gov>
Acked-by:
has CAP_SYS_ADMIN.
All callers of lookup_bdev() currently pass a mask of 0, so this
patch results in no functional change. Subsequent patches will
add permission checks where appropriate.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Serge Hallyn <serge.hal...@cano
Andy Lutomirski (1):
fs: Treat foreign mounts as nosuid
Seth Forshee (17):
block_dev: Support checking inode permissions in lookup_bdev()
block_dev: Check permissions towards block device inode when mounting
selinux: Add support for unprivileged mounts from user namespaces
userns: Replace
privileged mounts will
continue working as before.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Serge Hallyn <serge.hal...@canonical.com>
---
fs/block_dev.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/fs/block_dev.c b/fs/block_dev.c
index
ted when protected
symlinks are enabled.
Add a new helper function, uid_valid_eq(), and use this to
validate that the ids in may_follow_link() are both equal and
valid. Also add an equivalent helper for gids, which is
currently unused.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com&
All current callers of in_userns pass current_user_ns as the
first argument. Simplify by replacing in_userns with
current_in_userns which checks whether current_user_ns is in the
namespace supplied as an argument.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: James
Andy Lutomirski (1):
fs: Treat foreign mounts as nosuid
Seth Forshee (17):
block_dev: Support checking inode permissions in lookup_bdev()
block_dev: Check permissions towards block device inode when mounting
selinux: Add support for unprivileged mounts from user namespaces
userns: Replace
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/fuse/inode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index b7bdfdac3521..2fd338c199ce 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -1201,7 +1201,7 @@
d have made CVE-2014-5207 much
more difficult to exploit.
Signed-off-by: Andy Lutomirski <l...@amacapital.net>
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: James Morris <james.l.mor...@oracle.com>
Acked-by: Serge Hallyn <serge.hal...@canonical.com>
---
the unprivileged user
the ability to manipulate processes it would otherwise be unable
to manipulate. Restrict allow_other to apply to users in the same
userns used at mount or a descendant of that namespace.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Serge Hallyn <
Using INVALID_[UG]ID for the LSM file creation context doesn't
make sense, so return an error if the inode passed to
set_create_file_as() has an invalid id.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Serge Hallyn <serge.hal...@canonical.com>
---
kernel/cred
Add checks to inode_change_ok to verify that uid and gid changes
will map into the superblock's user namespace. If they do not
fail with -EOVERFLOW. This cannot be overriden with ATTR_FORCE.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Serge Hallyn <
could be relaxed in the future if needed.
For cuse the namespace used for the connection is also simply
current_user_ns() at the time /dev/cuse is opened.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
fs/fuse/cuse.c | 3 ++-
fs/fuse/dev.c| 13 -
fs/fuse/dir.c
is safe in this respect as well.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Serge Hallyn <serge.hal...@canonical.com>
---
security/commoncap.c | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/security/commoncap.c b/security/commo
Expand the check in should_remove_suid() to keep privileges for
CAP_FSETID in s_user_ns rather than init_user_ns.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Serge Hallyn <serge.hal...@canonical.com>
---
fs/inode.c | 3 ++-
1 file changed, 2 insertions(+)
objects, but also allow the
policy writer to specify a different label through policy
transition rules.
Pieced together from code snippets provided by Stephen Smalley.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Stephen Smalley <s...@tycho.nsa.gov>
Acked-by:
allocated via fuse_get_req_nofail_nopages. For no-fail requests
in.h.pid will be 0 if the pid translation fails.
File locking changes based on previous work done by Eric
Biederman.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Signed-off-by: Miklos Szeredi <mszer...@suse.cz
the filesystem.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: "Eric W. Biederman" <ebied...@xmission.com>
Acked-by: Serge Hallyn <serge.hal...@canonical.com>
---
fs/namespace.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/
privileged mounts will
continue working as before.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Serge Hallyn <serge.hal...@canonical.com>
---
fs/block_dev.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/fs/block_dev.c b/fs/block_dev.c
index
The mounter of a filesystem should be privileged towards the
inodes of that filesystem. Extend the checks in
inode_owner_or_capable() and capable_wrt_inode_uidgid() to
permit access by users priviliged in the user namespace of the
inode's superblock.
Signed-off-by: Seth Forshee <seth.f
On Wed, Nov 18, 2015 at 07:23:48AM -0500, Austin S Hemmelgarn wrote:
> On 2015-11-17 16:32, Seth Forshee wrote:
> >On Tue, Nov 17, 2015 at 03:54:50PM -0500, Austin S Hemmelgarn wrote:
> >>On 2015-11-17 14:16, Seth Forshee wrote:
> >>>On Tue, Nov 17, 2015 at 02:02:0
On Wed, Nov 18, 2015 at 07:46:53AM -0500, Austin S Hemmelgarn wrote:
> On 2015-11-17 17:01, Seth Forshee wrote:
> >On Tue, Nov 17, 2015 at 09:05:42PM +, Al Viro wrote:
> >>On Tue, Nov 17, 2015 at 03:39:16PM -0500, Austin S Hemmelgarn wrote:
> >>
> >>>&g
On Tue, Nov 17, 2015 at 09:05:42PM +, Al Viro wrote:
> On Tue, Nov 17, 2015 at 03:39:16PM -0500, Austin S Hemmelgarn wrote:
>
> > >This is absolutely insane, no matter how much LSM snake oil you slatter on
> > >the whole thing. All of a sudden you are exposing a huge attack surface
> > >in
On Tue, Nov 17, 2015 at 03:54:50PM -0500, Austin S Hemmelgarn wrote:
> On 2015-11-17 14:16, Seth Forshee wrote:
> >On Tue, Nov 17, 2015 at 02:02:09PM -0500, Austin S Hemmelgarn wrote:
> >>On 2015-11-17 12:55, Al Viro wrote:
> >>>On Tue, Nov 17, 2015 at 11:25:
82 matches
Mail list logo