Quoting Amir Goldstein (amir7...@gmail.com):
> On Wed, Jun 28, 2017 at 8:41 AM, Serge E. Hallyn wrote:
> > Hi Amir,
> >
> > I was liking the prefix at first, but I'm actually not sure it's worth
> > it. The main advantage would be so that checking for namespace or other
> >
Quoting Amir Goldstein (amir7...@gmail.com):
> On Wed, Jun 28, 2017 at 8:41 AM, Serge E. Hallyn wrote:
> > Hi Amir,
> >
> > I was liking the prefix at first, but I'm actually not sure it's worth
> > it. The main advantage would be so that checking for namespace or other
> > tags could be done
On 06/28/2017 03:18 AM, Amir Goldstein wrote:
On Wed, Jun 28, 2017 at 8:41 AM, Serge E. Hallyn wrote:
On Fri, Jun 23, 2017 at 10:01:46AM +0300, Amir Goldstein wrote:
On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
wrote:
This series of patches
On 06/28/2017 03:18 AM, Amir Goldstein wrote:
On Wed, Jun 28, 2017 at 8:41 AM, Serge E. Hallyn wrote:
On Fri, Jun 23, 2017 at 10:01:46AM +0300, Amir Goldstein wrote:
On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
wrote:
This series of patches primary goal is to enable file capabilities
in
On Wed, Jun 28, 2017 at 8:41 AM, Serge E. Hallyn wrote:
> On Fri, Jun 23, 2017 at 10:01:46AM +0300, Amir Goldstein wrote:
>> On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
>> wrote:
>> > This series of patches primary goal is to enable file
On Wed, Jun 28, 2017 at 8:41 AM, Serge E. Hallyn wrote:
> On Fri, Jun 23, 2017 at 10:01:46AM +0300, Amir Goldstein wrote:
>> On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
>> wrote:
>> > This series of patches primary goal is to enable file capabilities
>> > in user namespaces without affecting
On Fri, Jun 23, 2017 at 10:01:46AM +0300, Amir Goldstein wrote:
> On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
> wrote:
> > This series of patches primary goal is to enable file capabilities
> > in user namespaces without affecting the file capabilities that are
> >
On Fri, Jun 23, 2017 at 10:01:46AM +0300, Amir Goldstein wrote:
> On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
> wrote:
> > This series of patches primary goal is to enable file capabilities
> > in user namespaces without affecting the file capabilities that are
> > effective on the host. This
On 6/23/2017 4:09 PM, Stefan Berger wrote:
> On 06/23/2017 02:35 PM, Serge E. Hallyn wrote:
>> Quoting Stefan Berger (stef...@linux.vnet.ibm.com):
>>> On 06/23/2017 12:16 PM, Casey Schaufler wrote:
On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
> Quoting Amir Goldstein (amir7...@gmail.com):
On 06/23/2017 02:35 PM, Serge E. Hallyn wrote:
Quoting Stefan Berger (stef...@linux.vnet.ibm.com):
On 06/23/2017 12:16 PM, Casey Schaufler wrote:
On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
Quoting Amir Goldstein (amir7...@gmail.com):
On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
On 06/23/2017 02:35 PM, Serge E. Hallyn wrote:
Quoting Stefan Berger (stef...@linux.vnet.ibm.com):
On 06/23/2017 12:16 PM, Casey Schaufler wrote:
On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
Quoting Amir Goldstein (amir7...@gmail.com):
On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
wrote:
Quoting Vivek Goyal (vgo...@redhat.com):
> On Fri, Jun 23, 2017 at 03:17:23PM -0500, Serge E. Hallyn wrote:
> > Quoting Vivek Goyal (vgo...@redhat.com):
> > > On Thu, Jun 22, 2017 at 02:59:46PM -0400, Stefan Berger wrote:
> > > > This series of patches primary goal is to enable file capabilities
>
On Fri, Jun 23, 2017 at 03:17:23PM -0500, Serge E. Hallyn wrote:
> Quoting Vivek Goyal (vgo...@redhat.com):
> > On Thu, Jun 22, 2017 at 02:59:46PM -0400, Stefan Berger wrote:
> > > This series of patches primary goal is to enable file capabilities
> > > in user namespaces without affecting the
On 6/23/2017 11:35 AM, Serge E. Hallyn wrote:
> Quoting Stefan Berger (stef...@linux.vnet.ibm.com):
>> On 06/23/2017 12:16 PM, Casey Schaufler wrote:
>>> On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
Quoting Amir Goldstein (amir7...@gmail.com):
> On Thu, Jun 22, 2017 at 9:59 PM, Stefan
Quoting Vivek Goyal (vgo...@redhat.com):
> On Thu, Jun 22, 2017 at 02:59:46PM -0400, Stefan Berger wrote:
> > This series of patches primary goal is to enable file capabilities
> > in user namespaces without affecting the file capabilities that are
> > effective on the host. This is to prevent
On Thu, Jun 22, 2017 at 02:59:46PM -0400, Stefan Berger wrote:
> This series of patches primary goal is to enable file capabilities
> in user namespaces without affecting the file capabilities that are
> effective on the host. This is to prevent that any unprivileged user
> on the host maps his
Quoting Eric W. Biederman (ebied...@xmission.com):
> Even with one xattr of any type there is something appealing about
> putting the logic that limits that xattr to a namespace in the name. As
Exactly. That's the idea - from Stefan - that I thought was a worthwhile
improvement over my own
Quoting Stefan Berger (stef...@linux.vnet.ibm.com):
> On 06/23/2017 12:16 PM, Casey Schaufler wrote:
> >On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
> >>Quoting Amir Goldstein (amir7...@gmail.com):
> >>>On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
> >>> wrote:
>
Quoting Stefan Berger (stef...@linux.vnet.ibm.com):
> On 06/23/2017 12:16 PM, Casey Schaufler wrote:
> >On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
> >>Quoting Amir Goldstein (amir7...@gmail.com):
> >>>On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
> >>> wrote:
> This series of patches
Quoting Stefan Berger (stef...@linux.vnet.ibm.com):
> On 06/23/2017 01:07 PM, James Bottomley wrote:
> >On Fri, 2017-06-23 at 11:30 -0500, Serge E. Hallyn wrote:
> >>Quoting Casey Schaufler (ca...@schaufler-ca.com):
> >>>Or maybe just security.ns.capability, taking James' comment into
>
Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
>
> > Quoting Casey Schaufler (ca...@schaufler-ca.com):
> >> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote:
> >> > Quoting Casey Schaufler (ca...@schaufler-ca.com):
> >> >> Or maybe just
Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
>
> > Quoting Casey Schaufler (ca...@schaufler-ca.com):
> >> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote:
> >> > Quoting Casey Schaufler (ca...@schaufler-ca.com):
> >> >> Or maybe just security.ns.capability, taking
On 06/23/2017 12:16 PM, Casey Schaufler wrote:
On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
Quoting Amir Goldstein (amir7...@gmail.com):
On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
wrote:
This series of patches primary goal is to enable file capabilities
in
On 06/23/2017 12:16 PM, Casey Schaufler wrote:
On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
Quoting Amir Goldstein (amir7...@gmail.com):
On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
wrote:
This series of patches primary goal is to enable file capabilities
in user namespaces without
"Serge E. Hallyn" writes:
> Quoting Casey Schaufler (ca...@schaufler-ca.com):
>> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote:
>> > Quoting Casey Schaufler (ca...@schaufler-ca.com):
>> >> Or maybe just security.ns.capability, taking James' comment into account.
>> > That last
"Serge E. Hallyn" writes:
> Quoting Casey Schaufler (ca...@schaufler-ca.com):
>> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote:
>> > Quoting Casey Schaufler (ca...@schaufler-ca.com):
>> >> Or maybe just security.ns.capability, taking James' comment into account.
>> > That last one may be suitable
James Bottomley writes:
> On Thu, 2017-06-22 at 18:36 -0500, Serge E. Hallyn wrote:
>> Quoting James Bottomley (james.bottom...@hansenpartnership.com):
>> > On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote:
>> > > This series of patches primary goal
James Bottomley writes:
> On Thu, 2017-06-22 at 18:36 -0500, Serge E. Hallyn wrote:
>> Quoting James Bottomley (james.bottom...@hansenpartnership.com):
>> > On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote:
>> > > This series of patches primary goal is to enable file
>> > > capabilities
On 06/23/2017 01:07 PM, James Bottomley wrote:
On Fri, 2017-06-23 at 11:30 -0500, Serge E. Hallyn wrote:
Quoting Casey Schaufler (ca...@schaufler-ca.com):
Or maybe just security.ns.capability, taking James' comment into
account.
That last one may be suitable as an option, useful for his
Quoting James Bottomley (james.bottom...@hansenpartnership.com):
> On Fri, 2017-06-23 at 11:30 -0500, Serge E. Hallyn wrote:
> > Quoting Casey Schaufler (ca...@schaufler-ca.com):
> > > Or maybe just security.ns.capability, taking James' comment into
> > > account.
> >
> > That last one may be
On Fri, 2017-06-23 at 11:30 -0500, Serge E. Hallyn wrote:
> Quoting Casey Schaufler (ca...@schaufler-ca.com):
> > Or maybe just security.ns.capability, taking James' comment into
> > account.
>
> That last one may be suitable as an option, useful for his particular
> (somewhat barbaric :) use
Quoting Casey Schaufler (ca...@schaufler-ca.com):
> On 6/23/2017 9:30 AM, Serge E. Hallyn wrote:
> > Quoting Casey Schaufler (ca...@schaufler-ca.com):
> >> Or maybe just security.ns.capability, taking James' comment into account.
> > That last one may be suitable as an option, useful for his
On 6/23/2017 9:30 AM, Serge E. Hallyn wrote:
> Quoting Casey Schaufler (ca...@schaufler-ca.com):
>> On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
>>> Quoting Amir Goldstein (amir7...@gmail.com):
On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
wrote:
> This
On 6/23/2017 9:30 AM, Serge E. Hallyn wrote:
> Quoting Casey Schaufler (ca...@schaufler-ca.com):
>> On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
>>> Quoting Amir Goldstein (amir7...@gmail.com):
On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
wrote:
> This series of patches primary
Quoting Casey Schaufler (ca...@schaufler-ca.com):
> On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
> > Quoting Amir Goldstein (amir7...@gmail.com):
> >> On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
> >> wrote:
> >>> This series of patches primary goal is to enable file
Quoting Casey Schaufler (ca...@schaufler-ca.com):
> On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
> > Quoting Amir Goldstein (amir7...@gmail.com):
> >> On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
> >> wrote:
> >>> This series of patches primary goal is to enable file capabilities
> >>> in user
On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
> Quoting Amir Goldstein (amir7...@gmail.com):
>> On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
>> wrote:
>>> This series of patches primary goal is to enable file capabilities
>>> in user namespaces without affecting the
On 6/23/2017 9:00 AM, Serge E. Hallyn wrote:
> Quoting Amir Goldstein (amir7...@gmail.com):
>> On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
>> wrote:
>>> This series of patches primary goal is to enable file capabilities
>>> in user namespaces without affecting the file capabilities that are
Quoting Amir Goldstein (amir7...@gmail.com):
> On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
> wrote:
> > This series of patches primary goal is to enable file capabilities
> > in user namespaces without affecting the file capabilities that are
> > effective on the
Quoting Amir Goldstein (amir7...@gmail.com):
> On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
> wrote:
> > This series of patches primary goal is to enable file capabilities
> > in user namespaces without affecting the file capabilities that are
> > effective on the host. This is to prevent that
On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
wrote:
> This series of patches primary goal is to enable file capabilities
> in user namespaces without affecting the file capabilities that are
> effective on the host. This is to prevent that any unprivileged user
> on
On Thu, Jun 22, 2017 at 9:59 PM, Stefan Berger
wrote:
> This series of patches primary goal is to enable file capabilities
> in user namespaces without affecting the file capabilities that are
> effective on the host. This is to prevent that any unprivileged user
> on the host maps his own uid to
Quoting James Bottomley (james.bottom...@hansenpartnership.com):
> On Thu, 2017-06-22 at 18:36 -0500, Serge E. Hallyn wrote:
> > Yes, the use case is: to allow root in the container to set the
> > privilege itself, without endangering any resources not owned by
> > that root.
>
> OK, so you
On Thu, 2017-06-22 at 18:36 -0500, Serge E. Hallyn wrote:
> Quoting James Bottomley (james.bottom...@hansenpartnership.com):
> > On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote:
> > > This series of patches primary goal is to enable file
> > > capabilities in user namespaces without
Quoting James Bottomley (james.bottom...@hansenpartnership.com):
> On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote:
> > This series of patches primary goal is to enable file capabilities
> > in user namespaces without affecting the file capabilities that are
> > effective on the host. This
On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote:
> This series of patches primary goal is to enable file capabilities
> in user namespaces without affecting the file capabilities that are
> effective on the host. This is to prevent that any unprivileged user
> on the host maps his own uid
Quoting Casey Schaufler (ca...@schaufler-ca.com):
> On 6/22/2017 2:09 PM, Serge E. Hallyn wrote:
> > Quoting Casey Schaufler (ca...@schaufler-ca.com):
> >> On 6/22/2017 1:12 PM, Stefan Berger wrote:
> >>> On 06/22/2017 03:59 PM, Casey Schaufler wrote:
> On 6/22/2017 11:59 AM, Stefan Berger
On 6/22/2017 2:09 PM, Serge E. Hallyn wrote:
> Quoting Casey Schaufler (ca...@schaufler-ca.com):
>> On 6/22/2017 1:12 PM, Stefan Berger wrote:
>>> On 06/22/2017 03:59 PM, Casey Schaufler wrote:
On 6/22/2017 11:59 AM, Stefan Berger wrote:
> This series of patches primary goal is to enable
Quoting Casey Schaufler (ca...@schaufler-ca.com):
> On 6/22/2017 1:12 PM, Stefan Berger wrote:
> > On 06/22/2017 03:59 PM, Casey Schaufler wrote:
> >> On 6/22/2017 11:59 AM, Stefan Berger wrote:
> >>> This series of patches primary goal is to enable file capabilities
> >>> in user namespaces
On 06/22/2017 04:33 PM, Casey Schaufler wrote:
On 6/22/2017 1:12 PM, Stefan Berger wrote:
On 06/22/2017 03:59 PM, Casey Schaufler wrote:
On 6/22/2017 11:59 AM, Stefan Berger wrote:
This series of patches primary goal is to enable file capabilities
in user namespaces without affecting the file
On 6/22/2017 1:12 PM, Stefan Berger wrote:
> On 06/22/2017 03:59 PM, Casey Schaufler wrote:
>> On 6/22/2017 11:59 AM, Stefan Berger wrote:
>>> This series of patches primary goal is to enable file capabilities
>>> in user namespaces without affecting the file capabilities that are
>>> effective on
On 06/22/2017 03:59 PM, Casey Schaufler wrote:
On 6/22/2017 11:59 AM, Stefan Berger wrote:
This series of patches primary goal is to enable file capabilities
in user namespaces without affecting the file capabilities that are
effective on the host. This is to prevent that any unprivileged user
On 6/22/2017 11:59 AM, Stefan Berger wrote:
> This series of patches primary goal is to enable file capabilities
> in user namespaces without affecting the file capabilities that are
> effective on the host. This is to prevent that any unprivileged user
> on the host maps his own uid to root in a
This series of patches primary goal is to enable file capabilities
in user namespaces without affecting the file capabilities that are
effective on the host. This is to prevent that any unprivileged user
on the host maps his own uid to root in a private namespace, writes
the xattr, and executes
80 matches