summaryrefslogtreecommitdiff
path: root/security/integrity
diff options
context:
space:
mode:
authorChristian Brauner <brauner@kernel.org>2023-01-13 12:49:11 +0100
committerChristian Brauner (Microsoft) <brauner@kernel.org>2023-01-19 09:24:02 +0100
commitc1632a0f11209338fc300c66252bcc4686e609e8 (patch)
tree0a17d3844bb4fbdabc565f022a8da3bed1fe361a /security/integrity
parentabf08576afe31506b812c8c1be9714f78613f300 (diff)
fs: port ->setattr() to pass mnt_idmap
Convert to struct mnt_idmap. Last cycle we merged the necessary infrastructure in 256c8aed2b42 ("fs: introduce dedicated idmap type for mounts"). This is just the conversion to struct mnt_idmap. Currently we still pass around the plain namespace that was attached to a mount. This is in general pretty convenient but it makes it easy to conflate namespaces that are relevant on the filesystem with namespaces that are relevent on the mount level. Especially for non-vfs developers without detailed knowledge in this area this can be a potential source for bugs. Once the conversion to struct mnt_idmap is done all helpers down to the really low-level helpers will take a struct mnt_idmap argument instead of two namespace arguments. This way it becomes impossible to conflate the two eliminating the possibility of any bugs. All of the vfs and all filesystems only operate on struct mnt_idmap. Acked-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/evm/evm_main.c7
-rw-r--r--security/integrity/evm/evm_secfs.c2
2 files changed, 5 insertions, 4 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index f02e609460e2..e5a6a3bb1209 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -779,10 +779,11 @@ void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name)
evm_update_evmxattr(dentry, xattr_name, NULL, 0);
}
-static int evm_attr_change(struct user_namespace *mnt_userns,
+static int evm_attr_change(struct mnt_idmap *idmap,
struct dentry *dentry, struct iattr *attr)
{
struct inode *inode = d_backing_inode(dentry);
+ struct user_namespace *mnt_userns = mnt_idmap_owner(idmap);
unsigned int ia_valid = attr->ia_valid;
if (!i_uid_needs_update(mnt_userns, attr, inode) &&
@@ -800,7 +801,7 @@ static int evm_attr_change(struct user_namespace *mnt_userns,
* Permit update of file attributes when files have a valid EVM signature,
* except in the case of them having an immutable portable signature.
*/
-int evm_inode_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
+int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
struct iattr *attr)
{
unsigned int ia_valid = attr->ia_valid;
@@ -827,7 +828,7 @@ int evm_inode_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
return 0;
if (evm_status == INTEGRITY_PASS_IMMUTABLE &&
- !evm_attr_change(mnt_userns, dentry, attr))
+ !evm_attr_change(idmap, dentry, attr))
return 0;
integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry),
diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index 8a9db7dfca7e..9b907c2fee60 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -228,7 +228,7 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
newattrs.ia_valid = ATTR_MODE;
inode = evm_xattrs->d_inode;
inode_lock(inode);
- err = simple_setattr(&init_user_ns, evm_xattrs, &newattrs);
+ err = simple_setattr(&nop_mnt_idmap, evm_xattrs, &newattrs);
inode_unlock(inode);
if (!err)
err = count;