Re: [PATCH] documentation: ntb.txt correct grammar "however"

On 2016-06-04 21:36, Ken Moffat wrote: On Sat, Jun 04, 2016 at 03:34:01PM -0400, Justin Keller wrote: Correct the grammar around the word however. Signed-off-by: Justin Keller --- index 1d9bbab..5d43510 100644 --- a/Documentation/ntb.txt +++ b/Documentation/ntb.txt @@ -35,7 +35,7 @@ establis

Re: [PATCH 0/6] Intel Secure Guard Extensions

On 2016-04-29 16:17, Jarkko Sakkinen wrote: On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote: On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: Intel(R) SGX is a set of CPU instructions that can be used by applications to set aside private regions of code and data. The code outsid

Re: [kernel-hardening] Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

On 2016-01-28 03:56, Serge E. Hallyn wrote: On Mon, Jan 25, 2016 at 10:57:32PM -0600, Eric W. Biederman wrote: What sounds like a generally useful feature that would cover your use case and many others is a per user limit on the number of user namespaces users may create. Ok, I'm sorry, but af

Re: [kernel-hardening] Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

On 2016-01-27 05:27, Eric W. Biederman wrote: Kees Cook writes: On Tue, Jan 26, 2016 at 9:15 AM, Serge Hallyn wrote: Quoting Josh Boyer (jwbo...@fedoraproject.org): What you're saying is true for the "oh crap" case of a new userns related CVE being found. However, there is the case where s

Re: [kernel-hardening] Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

On 2016-01-26 14:56, Josh Boyer wrote: On Tue, Jan 26, 2016 at 12:20 PM, Serge Hallyn wrote: Quoting Josh Boyer (jwbo...@fedoraproject.org): On Tue, Jan 26, 2016 at 9:46 AM, Austin S. Hemmelgarn wrote: On 2016-01-26 09:38, Josh Boyer wrote: On Mon, Jan 25, 2016 at 11:57 PM, Eric W

Re: [kernel-hardening] Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

On 2016-01-26 13:27, Andy Lutomirski wrote: On Tue, Jan 26, 2016 at 10:09 AM, Austin S. Hemmelgarn wrote: On 2016-01-26 12:15, Serge Hallyn wrote: Quoting Josh Boyer (jwbo...@fedoraproject.org): On Mon, Jan 25, 2016 at 11:57 PM, Eric W. Biederman wrote: Kees Cook writes: On Mon, Jan

Re: [kernel-hardening] Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

On 2016-01-26 12:15, Serge Hallyn wrote: Quoting Josh Boyer (jwbo...@fedoraproject.org): On Mon, Jan 25, 2016 at 11:57 PM, Eric W. Biederman wrote: Kees Cook writes: On Mon, Jan 25, 2016 at 11:33 AM, Eric W. Biederman wrote: Kees Cook writes: Well, I don't know about less weird, but it

Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

On 2016-01-26 09:38, Josh Boyer wrote: On Mon, Jan 25, 2016 at 11:57 PM, Eric W. Biederman wrote: Kees Cook writes: On Mon, Jan 25, 2016 at 11:33 AM, Eric W. Biederman wrote: Kees Cook writes: Well, I don't know about less weird, but it would leave a unneeded hole in the permission chec