Quoting Sukadev Bhattiprolu (sukadev@xxxxxxxxxxxxxxxxxx):

[From patch 2]
> @@ -222,9 +222,16 @@ int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, > if (err) > return err; > > - f_modown(filp, pid, type, current_uid(), current_euid(), force); > + f_modown(filp, pid, type, uid, euid, force); > return 0; > } > + > +int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, > + int force) > +{ > + return __f_setown_uid(filp, pid, type, current_uid(), current_euid(), > + force); > +} > EXPORT_SYMBOL(__f_setown);

[From patch 4]
> + /* > + * TODO: Do we need to force==1 or can it be 0 ? 'force' is used to > + * modify the owner, if one is already set. Can it be set when > + * we restart an application ? > + */ > + ret = __f_setown_uid(file, pid, h->f_owner_pid_type, h->f_owner_uid, > + h->f_owner_euid, 1); > + rcu_read_unlock();

I think you need to modify how __f_setown() is calling security_file_set_fowner(). Though I guess no one looks at the current_uid(), so maybe it's not so important at this point.

(I do wonder whether converting fowner to using a struct cred is the way to go)

-serge
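Review bot: in the patch 2 hunk, only the `f_modown()` call switches to the caller-supplied `uid`/`euid`; the check whose result is tested by `if (err) return err;` just above it is not touched by the hunk, so the check and the owner that ends up recorded can refer to different credentials. Either pass the same `uid`/`euid` into that check (the `security_file_set_fowner()` call raised in the reply) or add a comment on `__f_setown_uid()` stating that callers must validate the values they pass. The new function also carries no comment describing its `uid`/`euid` parameters, and the only export visible in these lines is `EXPORT_SYMBOL(__f_setown);`, so it is worth stating whether `__f_setown_uid()` is meant to stay internal.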
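Review bot: in the patch 4 hunk, `h->f_owner_uid`, `h->f_owner_euid` and `h->f_owner_pid_type` are passed to `__f_setown_uid()` with no validation in the lines shown. If `h` is populated from restart input, check that the restarting task is permitted to set that uid/euid pair and that the pid type is within the valid range before the call. The open TODO on `force` should also be resolved rather than merged: with the argument hard-coded to `1`, an owner that is already set on the file is overwritten, which is exactly the case the comment says is undecided. Finally, `ret` is assigned just before `rcu_read_unlock()` and its handling is not visible here; make sure the error is propagated after the unlock.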