On 12/2/21 21:31, Stefan Berger wrote:
extern struct ima_namespace init_ima_ns;
diff --git a/security/inode.c b/security/inode.c
index 2738a7b31469..6223f1d838f6 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -22,6 +22,7 @@
#include <linux/lsm_hooks.h>
#include <linux/magic.h>
#include <linux/user_namespace.h>
+#include <linux/ima.h>
static struct vfsmount *securityfs_mount;
static int securityfs_mount_count;
@@ -63,6 +64,13 @@ static const struct fs_context_operations securityfs_context_ops = {
static int securityfs_init_fs_context(struct fs_context *fc)
{
+ int rc;
+
+ if (fc->user_ns->ima_ns->late_fs_init) {
+ rc = fc->user_ns->ima_ns->late_fs_init(fc->user_ns);
+ if (rc)
+ return rc;
+ }
fc->ops = &securityfs_context_ops;
return 0;
}
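Review bot: The added block dereferences `fc->user_ns->ima_ns` without checking that the pointer is set, and nothing visible in this hunk guarantees that every user namespace reaching `securityfs_init_fs_context()` has an IMA namespace attached. If that invariant is established elsewhere, a comment here should say so; otherwise the guard should read `if (fc->user_ns->ima_ns && fc->user_ns->ima_ns->late_fs_init) {`. This function also appears to run each time a securityfs fs_context is set up, so `late_fs_init` presumably has to tolerate repeated and concurrent calls for the same namespace. A short comment such as `/* may run once per mount attempt; callback must be idempotent */` would record that expectation.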
Kernel test robot made me change it to this here:
/*
 * securityfs_init_fs_context - prepare a new securityfs filesystem context.
 * @fc: filesystem context being initialised
 *
 * Installs securityfs_context_ops on @fc, then runs the IMA namespace late
 * initialisation hook for the user namespace recorded in @fc.
 *
 * Note that fc->ops is assigned before the hook is called, so it stays set
 * even when the hook reports an error.
 *
 * Return: whatever ima_ns_late_fs_init() returns for fc->user_ns.
 */
static int securityfs_init_fs_context(struct fs_context *fc)
{
	int rc;

	fc->ops = &securityfs_context_ops;

	/* The hook's result is passed straight back to the caller. */
	rc = ima_ns_late_fs_init(fc->user_ns);

	return rc;
}
With this here when CONFIG_IMA_NS is defined:
/*
 * ima_ns_late_fs_init - run the optional late filesystem init callback of
 * the IMA namespace attached to a user namespace.
 * @user_ns: user namespace whose ima_ns member is consulted
 *
 * The callback is invoked with the IMA namespace pointer as its argument.
 *
 * NOTE(review): user_ns->ima_ns is dereferenced unconditionally; presumably
 * every user namespace has an IMA namespace attached by the time this runs.
 * Confirm this against the code that creates the namespace.
 * NOTE(review): late_fs_init is read once for the test and again for the
 * call, with no locking visible here. Confirm that it cannot change between
 * the two reads.
 *
 * Return: 0 when no callback is set, otherwise the callback's return value.
 */
static inline int ima_ns_late_fs_init(struct user_namespace *user_ns)
{
	struct ima_namespace *ima_ns = user_ns->ima_ns;

	/* Nothing registered: treat as success. */
	if (!ima_ns->late_fs_init)
		return 0;

	return ima_ns->late_fs_init(ima_ns);
}
Stefan