Stefan Berger writes:
> On 04/19/2018 11:35 AM, John Johansen wrote:
>> It sounds like its already decided, with ima and selinux going with an
>> unshare file within their own fs.
>>
>> AppArmor went a different route already, splitting namespace creation (mkdir
>> in the apparmorfs policy/nam
On 04/19/2018 11:35 AM, John Johansen wrote:
On 04/19/2018 04:03 AM, Stefan Berger wrote:
On 04/18/2018 05:32 PM, John Johansen wrote:
On 04/18/2018 01:12 PM, Eric W. Biederman wrote:
Mimi Zohar writes:
On Wed, 2018-04-18 at 09:09 -0700, John Johansen wrote:
On 04/13/2018 09:25 AM, Mimi Zo
On 04/19/2018 04:03 AM, Stefan Berger wrote:
> On 04/18/2018 05:32 PM, John Johansen wrote:
>> On 04/18/2018 01:12 PM, Eric W. Biederman wrote:
>>> Mimi Zohar writes:
>>>
On Wed, 2018-04-18 at 09:09 -0700, John Johansen wrote:
> On 04/13/2018 09:25 AM, Mimi Zohar wrote:
>> [Cc'ing Joh
On 04/18/2018 05:32 PM, John Johansen wrote:
On 04/18/2018 01:12 PM, Eric W. Biederman wrote:
Mimi Zohar writes:
On Wed, 2018-04-18 at 09:09 -0700, John Johansen wrote:
On 04/13/2018 09:25 AM, Mimi Zohar wrote:
[Cc'ing John Johansen]
On Tue, 2018-03-27 at 18:01 -0500, Eric W. Biederman wro
On 04/18/2018 01:12 PM, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
>> On Wed, 2018-04-18 at 09:09 -0700, John Johansen wrote:
>>> On 04/13/2018 09:25 AM, Mimi Zohar wrote:
[Cc'ing John Johansen]
On Tue, 2018-03-27 at 18:01 -0500, Eric W. Biederman wrote:
[...]
> As su
On Wed, 2018-04-18 at 15:12 -0500, Eric W. Biederman wrote:
> Mimi Zohar writes:
>
> > On Wed, 2018-04-18 at 09:09 -0700, John Johansen wrote:
> >> On 04/13/2018 09:25 AM, Mimi Zohar wrote:
> >> > [Cc'ing John Johansen]
> >> >
> >> > On Tue, 2018-03-27 at 18:01 -0500, Eric W. Biederman wrote:
>
Mimi Zohar writes:
> On Wed, 2018-04-18 at 09:09 -0700, John Johansen wrote:
>> On 04/13/2018 09:25 AM, Mimi Zohar wrote:
>> > [Cc'ing John Johansen]
>> >
>> > On Tue, 2018-03-27 at 18:01 -0500, Eric W. Biederman wrote:
>> > [...]
>> >> As such I expect the best way to create the ima namespace i
On Wed, 2018-04-18 at 09:09 -0700, John Johansen wrote:
> On 04/13/2018 09:25 AM, Mimi Zohar wrote:
> > [Cc'ing John Johansen]
> >
> > On Tue, 2018-03-27 at 18:01 -0500, Eric W. Biederman wrote:
> > [...]
> >> As such I expect the best way to create the ima namespace is by simply
> >> writing to s
On 04/13/2018 09:25 AM, Mimi Zohar wrote:
> [Cc'ing John Johansen]
>
> On Tue, 2018-03-27 at 18:01 -0500, Eric W. Biederman wrote:
> [...]
>> As such I expect the best way to create the ima namespace is by simply
>> writing to securityfs/imafs. Possibly before the user namespace is
>> even unshar
On 03/28/2018 04:10 AM, Stefan Berger wrote:
> On 03/27/2018 07:01 PM, Eric W. Biederman wrote:
>> Stefan Berger writes:
>>
>>> From: Yuqiong Sun
>>>
>>> Add new CONFIG_IMA_NS config option. Let clone() create a new IMA
>>> namespace upon CLONE_NEWUSER flag. Attach the ima_ns data structure
>>>
[Cc'ing John Johansen]
On Tue, 2018-03-27 at 18:01 -0500, Eric W. Biederman wrote:
[...]
> As such I expect the best way to create the ima namespace is by simply
> writing to securityfs/imafs. Possibly before the user namespace is
> even unshared. That would allow IMA to keep track of things fro
On Mon, Apr 02, 2018 at 07:20:54AM -0400, Stefan Berger wrote:
Good morning to everyone.
> On 03/29/2018 01:44 PM, Dr. Greg Wettstein wrote:
> >On Mar 28, 8:44am, Stefan Berger wrote:
> >} Subject: Re: [RFC PATCH v3 1/3] ima: extend clone() with IMA namespace
> >sup
> >
> >Good morning, I hope
On 03/29/2018 01:44 PM, Dr. Greg Wettstein wrote:
On Mar 28, 8:44am, Stefan Berger wrote:
} Subject: Re: [RFC PATCH v3 1/3] ima: extend clone() with IMA namespace sup
Good morning, I hope the week is going well for everyone.
On 03/28/2018 08:14 AM, Dr. Greg Wettstein wrote:
On Wed, Mar 28, 2
On Mar 28, 8:44am, Stefan Berger wrote:
} Subject: Re: [RFC PATCH v3 1/3] ima: extend clone() with IMA namespace sup
Good morning, I hope the week is going well for everyone.
> On 03/28/2018 08:14 AM, Dr. Greg Wettstein wrote:
> > On Wed, Mar 28, 2018 at 07:10:12AM -0400, Stefan Berger wrote:
>
On Wed, Mar 28, 2018 at 07:10:12AM -0400, Stefan Berger wrote:
Good morning, I hope the day is starting out well for everyone.
> On 03/27/2018 07:01 PM, Eric W. Biederman wrote:
> >Stefan Berger writes:
> >
> >>From: Yuqiong Sun
> >>
> >>Add new CONFIG_IMA_NS config option. Let clone() create
On 03/28/2018 08:14 AM, Dr. Greg Wettstein wrote:
On Wed, Mar 28, 2018 at 07:10:12AM -0400, Stefan Berger wrote:
Good morning, I hope the day is starting out well for everyone.
On 03/27/2018 07:01 PM, Eric W. Biederman wrote:
Stefan Berger writes:
From: Yuqiong Sun
Add new CONFIG_IMA_NS
On 03/27/2018 07:01 PM, Eric W. Biederman wrote:
Stefan Berger writes:
From: Yuqiong Sun
Add new CONFIG_IMA_NS config option. Let clone() create a new IMA
namespace upon CLONE_NEWUSER flag. Attach the ima_ns data structure
to user_namespace. ima_ns is allocated and freed upon IMA namespace
Stefan Berger writes:
> From: Yuqiong Sun
>
> Add new CONFIG_IMA_NS config option. Let clone() create a new IMA
> namespace upon CLONE_NEWUSER flag. Attach the ima_ns data structure
> to user_namespace. ima_ns is allocated and freed upon IMA namespace
> creation and exit, which is tied to USER
From: Yuqiong Sun
Add new CONFIG_IMA_NS config option. Let clone() create a new IMA
namespace upon CLONE_NEWUSER flag. Attach the ima_ns data structure
to user_namespace. ima_ns is allocated and freed upon IMA namespace
creation and exit, which is tied to USER namespace creation and exit.
Curren
19 matches
Mail list logo
