Date: Thu, 13 Jul 2017 16:21:11 -0500
From: "Serge E. Hallyn" <serge@...lyn.com>
To: Stefan Berger <stefanb@...ux.vnet.ibm.com>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>,
	Theodore Ts'o <tytso@....edu>,
	"Serge E. Hallyn" <serge@...lyn.com>,
	containers@...ts.linux-foundation.org, lkp@...org,
	linux-kernel@...r.kernel.org, zohar@...ux.vnet.ibm.com,
	tycho@...ker.com, James.Bottomley@...senPartnership.com,
	vgoyal@...hat.com, christian.brauner@...lbox.org,
	amir73il@...il.com, linux-security-module@...r.kernel.org,
	casey@...aufler-ca.com
Subject: Re: [PATCH v2] xattr: Enable security.capability in user namespaces

Quoting Stefan Berger (stefanb@...ux.vnet.ibm.com):
> For virtualizing the xattrs on the 'value' side I was looking for
> whether there's something like a 'wrapper' structure around the
> actual value of the xattr so that that wrapper could be extended to
> support different values at different uids and applied to any xattr.
> Unfortunately there's no such 'wrapper'.

I believe my very first implementation did essentially this - it
used the not uncommon structure of (mostly making this up):

struct ns_vfs_cap {
	int magic;
	int ncaps;
	struct ns_vfs_cap_data data[0];
};

with (ncaps * sizeof(ns_vfs_cap_data)) following that. I didn't like
it.

-serge
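
Added example, not part of the message above and not code from any kernel patch: a userspace C sketch of the checks a reader of such a counted, variable-length xattr value needs before trusting ncaps. The fields of ns_vfs_cap_data, the magic value, the NS_VFS_CAP_MAX bound and the function name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NS_VFS_CAP_MAGIC 0x4e534350u /* hypothetical magic value */
#define NS_VFS_CAP_MAX   32u         /* hypothetical cap on entry count */

/* Hypothetical per-namespace entry; the message does not define it. */
struct ns_vfs_cap_data {
	uint32_t rootid;      /* uid of the user namespace root it applies to */
	uint32_t permitted;
	uint32_t inheritable;
};

/* Header as sketched in the message, here with fixed-width fields. */
struct ns_vfs_cap {
	uint32_t magic;
	uint32_t ncaps;
	struct ns_vfs_cap_data data[]; /* ncaps entries follow */
};

/*
 * Validate an untrusted xattr value of len bytes and find the entry for
 * rootid. Returns 0 and fills *out on a match, -1 if the value is
 * malformed, -2 if it is well-formed but has no entry for rootid.
 */
int ns_vfs_cap_lookup(const void *buf, size_t len, uint32_t rootid,
		      struct ns_vfs_cap_data *out)
{
	struct ns_vfs_cap hdr;
	struct ns_vfs_cap_data ent;
	size_t i;

	if (len < sizeof(hdr))
		return -1;
	memcpy(&hdr, buf, sizeof(hdr)); /* copy out: buf may be unaligned */
	if (hdr.magic != NS_VFS_CAP_MAGIC)
		return -1;
	/* Bound ncaps first so the size computation below cannot wrap. */
	if (hdr.ncaps == 0 || hdr.ncaps > NS_VFS_CAP_MAX)
		return -1;
	if (len != sizeof(hdr) + (size_t)hdr.ncaps * sizeof(ent))
		return -1;
	for (i = 0; i < hdr.ncaps; i++) {
		memcpy(&ent, (const char *)buf + sizeof(hdr) + i * sizeof(ent),
		       sizeof(ent));
		if (ent.rootid == rootid) {
			*out = ent;
			return 0;
		}
	}
	return -2;
}
```
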