security · 010d7c422296b34d6862f9b34d5a04fea89ea6d8 · Upstream / linux-stable

fs: support mapped mounts of mapped filesystems

Christian Brauner authored 3 years ago

commit bd303368 upstream.

In previous patches we added new and modified existing helpers to handle
idmapped mounts of filesystems mounted with an idmapping. In this final
patch we convert all relevant places in the vfs to actually pass the
filesystem's idmapping into these helpers.

With this the vfs is in shape to handle idmapped mounts of filesystems
mounted with an idmapping. Note that this is just the generic
infrastructure. Actually adding support for idmapped mounts to a
filesystem mountable with an idmapping is follow-up work.

In this patch we extend the definition of an idmapped mount from a mount
that that has the initial idmapping attached to it to a mount that has
an idmapping attached to it which is not the same as the idmapping the
filesystem was mounted with.

As before we do not allow the initial idmapping to be attached to a
mount. In addition this patch prevents that the idmapping the filesystem
was mounted ...

38753e91

Name	Last commit	Last update
..
apparmor	apparmor: fix error check	3 years ago
bpf	bpf: Implement task local storage	4 years ago
integrity	ima: remove the IMA_TEMPLATE Kconfig option	3 years ago
keys	KEYS: trusted: tpm2: Fix migratable logic	3 years ago
landlock	landlock: Fix same-layer rule unions	3 years ago
loadpin	LSM: Add "contents" flag to kernel_read_file hook	4 years ago
lockdown	Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	5 years ago
safesetid	LSM: SafeSetID: Mark safesetid_initialized as __initdata	4 years ago
selinux	selinux: fix bad cleanup on error in hashtab_duplicate()	3 years ago
smack	Fix incorrect type in assignment of ipv6 port for audit	3 years ago
tomoyo	TOMOYO: fix __setup handlers return values	3 years ago
yama	task_work: cleanup notification modes	4 years ago
Kconfig	fortify: Explicitly disable Clang support	3 years ago
Kconfig.hardening	hardening: Clarify Kconfig text for auto-var-init	4 years ago
Makefile	security: remove unneeded subdir-$(CONFIG_...)	3 years ago
commoncap.c	fs: support mapped mounts of mapped filesystems	3 years ago
device_cgroup.c	device_cgroup: Fix RCU list debugging warning	4 years ago
inode.c	Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	6 years ago
lsm_audit.c	audit: remove unnecessary 'ret' initialization	4 years ago
min_addr.c	sysctl: pass kernel pointers to ->proc_handler	5 years ago
security.c	lockdown: also lock down previous kgdb use	3 years ago

GitLab

Menu

Download source code

Download this directory