linux/security/apparmor
Christian Brauner 549c729771
fs: make helpers idmap mount aware
Extend some inode methods with an additional user namespace argument. A
filesystem that is aware of idmapped mounts will receive the user
namespace the mount has been marked with. This can be used for
additional permission checking and also to enable filesystems to
translate between uids and gids if they need to. We have implemented all
relevant helpers in earlier patches.

As requested we simply extend the exisiting inode method instead of
introducing new ones. This is a little more code churn but it's mostly
mechanical and doesnt't leave us with additional inode methods.

Link: https://lore.kernel.org/r/20210121131959.646623-25-christian.brauner@ubuntu.com
Cc: Christoph Hellwig <hch@lst.de>
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-01-24 14:27:20 +01:00
..
include security: add const qualifier to struct sock in various places 2020-12-03 12:56:03 -08:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
apparmorfs.c fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
audit.c audit: purge audit_log_string from the intra-kernel audit API 2020-07-21 11:12:31 -04:00
capability.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
crypto.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
domain.c xattr: handle idmapped mounts 2021-01-24 14:27:17 +01:00
file.c audit: purge audit_log_string from the intra-kernel audit API 2020-07-21 11:12:31 -04:00
ipc.c audit: purge audit_log_string from the intra-kernel audit API 2020-07-21 11:12:31 -04:00
Kconfig Minor fixes for v5.9. 2020-08-11 14:30:36 -07:00
label.c apparmor: Fix memory leak of profile proxy 2020-06-07 13:38:55 -07:00
lib.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
lsm.c security: add const qualifier to struct sock in various places 2020-12-03 12:56:03 -08:00
Makefile
match.c apparmor: ensure that dfa state tables have entries 2020-04-08 04:42:48 -07:00
mount.c apparmor: fix bind mounts aborting with -ENOMEM 2020-01-02 05:31:40 -08:00
net.c security: add const qualifier to struct sock in various places 2020-12-03 12:56:03 -08:00
nulldfa.in
path.c AppArmor: Remove semicolon 2020-01-18 15:36:58 -08:00
policy_ns.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
policy_unpack_test.c apparmor: add AppArmor KUnit tests for policy unpack 2020-01-09 16:27:43 -07:00
policy_unpack.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
policy.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
procattr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
resource.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
secid.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
stacksplitdfa.in
task.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00