diff options
| author | Christian Brauner <brauner@kernel.org> | 2023-01-13 12:49:22 +0100 |
|---|---|---|
| committer | Christian Brauner (Microsoft) <brauner@kernel.org> | 2023-01-19 09:24:28 +0100 |
| commit | 4609e1f18e19c3b302e1eb4858334bca1532f780 (patch) | |
| tree | 1e050d9bce359b0d808dc9ee9273ef2d6d2eaebc /security/commoncap.c | |
| parent | 8782a9aea3ab4d697ad67d1f8ebca38a4e1c24ab (diff) | |
fs: port ->permission() to pass mnt_idmap
Convert to struct mnt_idmap.
Last cycle we merged the necessary infrastructure in
256c8aed2b42 ("fs: introduce dedicated idmap type for mounts").
This is just the conversion to struct mnt_idmap.
Currently we still pass around the plain namespace that was attached to a
mount. This is in general pretty convenient but it makes it easy to
conflate namespaces that are relevant on the filesystem with namespaces
that are relevent on the mount level. Especially for non-vfs developers
without detailed knowledge in this area this can be a potential source for
bugs.
Once the conversion to struct mnt_idmap is done all helpers down to the
really low-level helpers will take a struct mnt_idmap argument instead of
two namespace arguments. This way it becomes impossible to conflate the two
eliminating the possibility of any bugs. All of the vfs and all filesystems
only operate on struct mnt_idmap.
Acked-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Diffstat (limited to 'security/commoncap.c')
| -rw-r--r-- | security/commoncap.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 1164278b97fd..01b68f9311ca 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -377,7 +377,7 @@ static bool is_v3header(int size, const struct vfs_cap_data *cap) * by the integrity subsystem, which really wants the unconverted values - * so that's good. */ -int cap_inode_getsecurity(struct user_namespace *mnt_userns, +int cap_inode_getsecurity(struct mnt_idmap *idmap, struct inode *inode, const char *name, void **buffer, bool alloc) { @@ -391,6 +391,7 @@ int cap_inode_getsecurity(struct user_namespace *mnt_userns, struct vfs_ns_cap_data *nscap = NULL; struct dentry *dentry; struct user_namespace *fs_ns; + struct user_namespace *mnt_userns = mnt_idmap_owner(idmap); if (strcmp(name, "capability") != 0) return -EOPNOTSUPP; @@ -398,7 +399,7 @@ int cap_inode_getsecurity(struct user_namespace *mnt_userns, dentry = d_find_any_alias(inode); if (!dentry) return -EINVAL; - size = vfs_getxattr_alloc(mnt_userns, dentry, XATTR_NAME_CAPS, &tmpbuf, + size = vfs_getxattr_alloc(idmap, dentry, XATTR_NAME_CAPS, &tmpbuf, sizeof(struct vfs_ns_cap_data), GFP_NOFS); dput(dentry); /* gcc11 complains if we don't check for !tmpbuf */ |