[PATCH v5 24/42] af_unix: handle idmapped mounts
Christian Brauner
christian.brauner at ubuntu.com
Tue Jan 12 22:01:06 UTC 2021
When binding a non-abstract AF_UNIX socket it will gain a representation
in the filesystem. Enable the socket infrastructure to handle idmapped
mounts by passing down the user namespace of the mount the socket will
be created from. If the initial user namespace is passed nothing changes
so non-idmapped mounts will see identical behavior as before.
Cc: Christoph Hellwig <hch at lst.de>
Cc: David Howells <dhowells at redhat.com>
Cc: Al Viro <viro at zeniv.linux.org.uk>
Cc: linux-fsdevel at vger.kernel.org
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
/* v2 */
unchanged
/* v3 */
unchanged
/* v4 */
unchanged
/* v5 */
base-commit: 7c53f6b671f4aba70ff15e1b05148b10d58c2837
---
net/unix/af_unix.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index b4987805e5e5..4be33240e9cc 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -996,7 +996,7 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
*/
err = security_path_mknod(&path, dentry, mode, 0);
if (!err) {
- err = vfs_mknod(&init_user_ns, d_inode(path.dentry), dentry, mode, 0);
+ err = vfs_mknod(mnt_user_ns(path.mnt), d_inode(path.dentry), dentry, mode, 0);
if (!err) {
res->mnt = mntget(path.mnt);
res->dentry = dget(dentry);
--
2.30.0
More information about the Linux-security-module-archive
mailing list