On Tue, Jan 25, 2022 at 05:46:27PM -0500, Stefan Berger wrote: > From: Stefan Berger <stefanb@xxxxxxxxxxxxx> > > Define the ima_namespace structure and the ima_namespace variable > init_ima_ns for the host's IMA namespace. Implement basic functions for > namespacing support. > > Move variables related to the IMA policy into the ima_namespace. This way > the IMA policy of an IMA namespace can be set and displayed using a > front-end like securityfs. > > Implement ima_ns_from_file() to get the IMA namespace via the user > namespace of the securityfs superblock that a file belongs to. > > To get the current ima_namespace use &init_ima_ns when a function > that is related to a policy rule is called. > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> > > --- For the approach of introducing struct ima_namespace and moving a bunch of variables in there at the same time to prepare subsequent further namespacing: Acked-by: Christian Brauner <brauner@xxxxxxxxxx> I can't speak to the actual ima changes.
