ima: handle idmapped mounts
IMA does sometimes access the inode's i_uid and compares it against the rules' fowner. Enable IMA to handle idmapped mounts by passing down the mount's user namespace. We simply make use of the helpers we introduced before. If the initial user namespace is passed nothing changes so non-idmapped mounts will see identical behavior as before. Link: https://lore.kernel.org/r/20210121131959.646623-27-christian.brauner@ubuntu.com Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
Showing
- fs/attr.c 1 addition, 1 deletionfs/attr.c
- fs/namei.c 2 additions, 2 deletionsfs/namei.c
- include/linux/ima.h 12 additions, 6 deletionsinclude/linux/ima.h
- security/integrity/ima/ima.h 12 additions, 7 deletionssecurity/integrity/ima/ima.h
- security/integrity/ima/ima_api.c 6 additions, 4 deletionssecurity/integrity/ima/ima_api.c
- security/integrity/ima/ima_appraise.c 9 additions, 6 deletionssecurity/integrity/ima/ima_appraise.c
- security/integrity/ima/ima_asymmetric_keys.c 2 additions, 1 deletionsecurity/integrity/ima/ima_asymmetric_keys.c
- security/integrity/ima/ima_main.c 24 additions, 13 deletionssecurity/integrity/ima/ima_main.c
- security/integrity/ima/ima_policy.c 12 additions, 8 deletionssecurity/integrity/ima/ima_policy.c
- security/integrity/ima/ima_queue_keys.c 3 additions, 1 deletionsecurity/integrity/ima/ima_queue_keys.c
Please register or sign in to comment