| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 30 Jul 2017 08:04:25 -0700
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: James Simmons <jsimmons@...radead.org>
Cc: devel@...verdev.osuosl.org,
Andreas Dilger <andreas.dilger@...el.com>,
Oleg Drokin <oleg.drokin@...el.com>,
Robin Humble <plaguedbypenguins@...il.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Lustre Development List <lustre-devel@...ts.lustre.org>
Subject: Re: [PATCH 18/20] staging: lustre: llite: Remove filtering of
seclabel xattr
On Thu, Jul 27, 2017 at 08:35:33PM +0100, James Simmons wrote:
>
> > From: Robin Humble <plaguedbypenguins@...il.com>
> >
> > The security.capability xattr is used to implement File
> > Capabilities in recent Linux versions. Capabilities are a
> > fine grained approach to granting executables elevated
> > privileges. eg. /bin/ping can have capabilities
> > cap_net_admin, cap_net_raw+ep instead of being setuid root.
> >
> > This xattr has long been filtered out by llite, initially for
> > stability reasons (b15587), and later over performance
> > concerns as this xattr is read for every file with eg.
> > 'ls --color'. Since LU-2869 xattr's are cached on clients,
> > alleviating most performance concerns.
> >
> > Removing llite's filtering of the security.capability xattr
> > enables using Lustre as a root filesystem, which is used on
> > some large clusters.
>
> The commit message for this patch is incorrect. Some how it got
> mixed up with another patch which I missed in this push. Please
> drop this patch and I will resent the correct patches later.
Now dropped.
Powered by blists - more mailing lists