git.proxmox.com Git - mirror_ubuntu-kernels.git/commit

author	David Howells <dhowells@redhat.com>
	Fri, 26 Nov 2021 14:59:10 +0000 (14:59 +0000)
committer	David Howells <dhowells@redhat.com>
	Fri, 7 Jan 2022 13:41:14 +0000 (13:41 +0000)
commit	254947d47945f2fa02e9b3366594fad2ed127618
tree	b65de1ad1bcbbc7bfe9aefccff113b9285d2cdf0	tree
parent	1493bf74bcf2434a840eacef60c0f56966faa11a	commit \| diff

cachefiles: Add security derivation

Implement code to derive a new set of creds for the cachefiles to use when
making VFS or I/O calls and to change the auditing info since the
application interacting with the network filesystem is not accessing the
cache directly.  Cachefiles uses override_creds() to change the effective
creds temporarily.

set_security_override_from_ctx() is called to derive the LSM 'label' that
the cachefiles driver will act with.  set_create_files_as() is called to
determine the LSM 'label' that will be applied to files and directories
created in the cache.  These functions alter the new creds.

Also implement a couple of functions to wrap the calls to begin/end cred
overriding.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
cc: linux-cachefs@redhat.com
Link: https://lore.kernel.org/r/163819627469.215744.3603633690679962985.stgit@warthog.procyon.org.uk/
Link: https://lore.kernel.org/r/163906928172.143852.15886637013364286786.stgit@warthog.procyon.org.uk/
Link: https://lore.kernel.org/r/163967138138.1823006.7620933448261939504.stgit@warthog.procyon.org.uk/
Link: https://lore.kernel.org/r/164021537001.640689.4081334436031700558.stgit@warthog.procyon.org.uk/