| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170713212111.GC6167@mail.hallyn.com>
Date: Thu, 13 Jul 2017 16:21:11 -0500
From: "Serge E. Hallyn" <serge@...lyn.com>
To: Stefan Berger <stefanb@...ux.vnet.ibm.com>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>,
Theodore Ts'o <tytso@....edu>,
"Serge E. Hallyn" <serge@...lyn.com>,
containers@...ts.linux-foundation.org, lkp@...org,
linux-kernel@...r.kernel.org, zohar@...ux.vnet.ibm.com,
tycho@...ker.com, James.Bottomley@...senPartnership.com,
vgoyal@...hat.com, christian.brauner@...lbox.org,
amir73il@...il.com, linux-security-module@...r.kernel.org,
casey@...aufler-ca.com
Subject: Re: [PATCH v2] xattr: Enable security.capability in user namespaces
Quoting Stefan Berger (stefanb@...ux.vnet.ibm.com):
> For virtualizing the xattrs on the 'value' side I was looking for
> whether there's something like a 'wrapper' structure around the
> actual value of the xattr so that that wrapper could be extended to
> support different values at different uids and applied to any xattr.
> Unfortunately there's no such 'wrapper'.
I believe my very first implementation did essentially this - it used
the not uncommon structure of (mostly making this up):
struct ns_vfs_cap {
int magic;
int ncaps;
struct ns_vfs_cap_data data[0];
};
with (ncaps * sizeof(ns_vfs_cap_data)) following that.
I didn't like it.
-serge
Powered by blists - more mailing lists