[PATCH 33/34] overlayfs: handle idmapped merged mounts

Amir Goldstein amir73il at gmail.com
Fri Oct 30 09:57:24 UTC 2020


> -int ovl_permission(struct inode *inode, int mask)
> +int ovl_permission_mapped(struct user_namespace *user_ns,
> +                         struct inode *inode, int mask)
>  {
>         struct inode *upperinode = ovl_inode_upper(inode);
>         struct inode *realinode = upperinode ?: ovl_inode_lower(inode);
> -       struct user_namespace *user_ns;
> +       struct user_namespace *real_user_ns;
>         const struct cred *old_cred;
>         int err;
>
> @@ -302,15 +313,15 @@ int ovl_permission(struct inode *inode, int mask)
>         }
>
>         if (upperinode)
> -               user_ns = ovl_upper_mnt_user_ns(OVL_FS(inode->i_sb));
> +               real_user_ns = ovl_upper_mnt_user_ns(OVL_FS(inode->i_sb));
>         else
> -               user_ns = OVL_I(inode)->lower_user_ns;
> +               real_user_ns = OVL_I(inode)->lower_user_ns;

These changes look strange in this patch. Better use real_user_ns in previous
patch.

Thanks,
Amir.



More information about the Linux-security-module-archive mailing list