[PATCH v6 04/40] capability: handle idmapped mounts

James Morris jmorris at namei.org
Fri Jan 22 02:57:11 UTC 2021

On Thu, 21 Jan 2021, Christian Brauner wrote:

> In order to determine whether a caller holds privilege over a given
> inode the capability framework exposes the two helpers
> privileged_wrt_inode_uidgid() and capable_wrt_inode_uidgid(). The former
> verifies that the inode has a mapping in the caller's user namespace and
> the latter additionally verifies that the caller has the requested
> capability in their current user namespace.
> If the inode is accessed through an idmapped mount map it into the
> mount's user namespace. Afterwards the checks are identical to
> non-idmapped inodes. If the initial user namespace is passed all
> operations are a nop so non-idmapped mounts will not see a change in
> behavior.
> Link: https://lore.kernel.org/r/20210112220124.837960-11-christian.brauner@ubuntu.com
> Cc: Christoph Hellwig <hch at lst.de>
> Cc: David Howells <dhowells at redhat.com>
> Cc: Al Viro <viro at zeniv.linux.org.uk>
> Cc: linux-fsdevel at vger.kernel.org
> Reviewed-by: Christoph Hellwig <hch at lst.de>
> Acked-by: Serge Hallyn <serge at hallyn.com>
> Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>

Reviewed-by: James Morris <jamorris at linux.microsoft.com>

James Morris
<jmorris at namei.org>

More information about the Linux-security-module-archive mailing list