git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

projects / mirror_ubuntu-jammy-kernel.git / commit

author	Christian Brauner <christian.brauner@ubuntu.com>
	Thu, 21 Jan 2021 13:19:45 +0000 (14:19 +0100)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Sun, 24 Jan 2021 13:27:20 +0000 (14:27 +0100)
commit	a2d2329e30e224ea68d575d2525b866df9805ea0
tree	5c56b6472bcb77840030918e5d0ea28077762365	tree
parent	3cee6079f62f4d3a37d9dda2e0851677e08028ff	commit \| diff

ima: handle idmapped mounts

IMA does sometimes access the inode's i_uid and compares it against the
rules' fowner. Enable IMA to handle idmapped mounts by passing down the
mount's user namespace. We simply make use of the helpers we introduced
before. If the initial user namespace is passed nothing changes so
non-idmapped mounts will see identical behavior as before.

Link: https://lore.kernel.org/r/20210121131959.646623-27-christian.brauner@ubuntu.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Ubuntu Jammy Linux kernel mirror

RSS Atom

fs/attr.c		diff \| blob \| blame \| history
fs/namei.c		diff \| blob \| blame \| history
include/linux/ima.h		diff \| blob \| blame \| history
security/integrity/ima/ima.h		diff \| blob \| blame \| history
security/integrity/ima/ima_api.c		diff \| blob \| blame \| history
security/integrity/ima/ima_appraise.c		diff \| blob \| blame \| history
security/integrity/ima/ima_asymmetric_keys.c		diff \| blob \| blame \| history
security/integrity/ima/ima_main.c		diff \| blob \| blame \| history
security/integrity/ima/ima_policy.c		diff \| blob \| blame \| history
security/integrity/ima/ima_queue_keys.c		diff \| blob \| blame \| history