From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id A0E685A005E for <passt-dev@passt.top>; Fri, 14 Oct 2022 01:42:35 +0200 (CEST) Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4MpQzr0XPfz4xGt; Fri, 14 Oct 2022 10:42:32 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1665704552; bh=aNz/SY+uKoCGfRNfRkzZYs0Px7mOebR0tEvxYFmpPFM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=iwcrUrGmfyXYbvW6JJplYHu3unxvrdFp4uyon4O05YhNlFhL0YazZhCtAIz5uoX8f cfSq+58He8QXGiB9K1uPwNvLByQOq5ghhHPGRFbT8brTg/LT7yjWFJJXxj5pd1ZCS4 pMXUSUIHMKXHGgL7LEmGfEGqUTdbA9HJp5R5/5ak= Date: Fri, 14 Oct 2022 10:25:50 +1100 From: David Gibson <david@gibson.dropbear.id.au> To: Stefano Brivio <sbrivio@redhat.com> Subject: Re: [PATCH 05/10] Clarify various self-isolation steps Message-ID: <Y0iefsBMhaS4Krpv@yekko> References: <20221011054018.1449506-1-david@gibson.dropbear.id.au> <20221011054018.1449506-6-david@gibson.dropbear.id.au> <20221013144919.39b47ffb@elisabeth> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="66CH5K1UbNkOnCgq" Content-Disposition: inline In-Reply-To: <20221013144919.39b47ffb@elisabeth> Message-ID-Hash: DYWNQ4QYPAR4QV6YP2QDDWQ6CFQY6GEL X-Message-ID-Hash: DYWNQ4QYPAR4QV6YP2QDDWQ6CFQY6GEL X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.3 Precedence: list List-Id: Development discussion and patches for passt <passt-dev.passt.top> Archived-At: <> Archived-At: <https://archives.passt.top/passt-dev/Y0iefsBMhaS4Krpv@yekko/> List-Archive: <> List-Archive: <https://archives.passt.top/passt-dev/> List-Help: <mailto:passt-dev-request@passt.top?subject=help> List-Owner: <mailto:passt-dev-owner@passt.top> List-Post: <mailto:passt-dev@passt.top> List-Subscribe: <mailto:passt-dev-join@passt.top> List-Unsubscribe: <mailto:passt-dev-leave@passt.top> --66CH5K1UbNkOnCgq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Oct 13, 2022 at 02:49:19PM +0200, Stefano Brivio wrote: > Just spotted a typo: >=20 > On Tue, 11 Oct 2022 16:40:13 +1100 > David Gibson <david@gibson.dropbear.id.au> wrote: >=20 > > @@ -59,12 +101,31 @@ void drop_caps(void) > > } > > } > > =20 > > +/** > > + * isolate_initial() - Early, config independent self isolation > > + * > > + * Should: > > + * - drop unneeded capabilities > > + * Musn't: > > + * - remove filessytem access (we need to access files during setup) >=20 > filesystem Corrected. --=20 David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson --66CH5K1UbNkOnCgq Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoULxWu4/Ws0dB+XtgypY4gEwYSIFAmNInngACgkQgypY4gEw YSKGoRAAh6bbjXYcfIzbW01GVQ63kP+xu4/Cn4DC1q/OMahnVzhH/qp4+b4W1KRA LQBsB2PSFP0fWG9DfOSHmamyW4I/4b1UnSuc21MbzAZTDQRLwWewSs8Zprh8N20m ijUs+Gib9vK4QdF22lac56QiQq3zWCsWd8co/P7AfoHVxJwsZ/kvgNF38USKjDa0 df7Yi93gtvO5arED22TDthJgMuZ9CbhIyMc+pNf4wm9z9ZOR95nesEpwKxN39T54 4WbSZ5xOqj+JgqozWaZZ8B8NAfiKV8vN4jbVP1WpW2dhkI6xPMbWXle8NYhfJM9a KpIdD9aAfv5yG3PM1GIUhjfNwMD4tgHqCLdE/9dzZ89L9XIggpxi+ejIVYSVbyVI kvOsi+Z3GiHYxAqQraZwqPsv3itt2e4GAHG59gh5OwCxGlVPiS5w9Mr6uQaaPinL 4ALME1z2A+RxNayY//o5TZ9mK9RxF3cGnwwn+tn16yQo4lHA0/g9ZCb6KekQ+i+p vzMO8bh1RopAg6O4mCsNtcFc9ZUdWj8rFeKeOrSNwkwdY9qFfhYP0In+Xy/9l4TY icqgBWo2lAiaLpIgH/1gMewn+KhUA58mysfKccJ2fa0kEbngaBENZ5pnKIIjRo7O P3MzFCfAOBdfOQ9ZyR9oQSBftAmxgKRqOFXUCcK/ng9ns42g2ak= =j4U1 -----END PGP SIGNATURE----- --66CH5K1UbNkOnCgq--