On Tue, Jan 12, 2021 at 11:01:01PM +0100, Christian Brauner wrote: > The may_follow_link(), may_linkat(), may_lookup(), may_open(), > may_o_create(), may_create_in_sticky(), may_delete(), and may_create() > helpers determine whether the caller is privileged enough to perform the > associated operations. Let them handle idmapped mounts by mapping the > inode or fsids according to the mount's user namespace. Afterwards the > checks are identical to non-idmapped inodes. The patch takes care to > retrieve the mount's user namespace right before performing permission > checks and passing it down into the fileystem so the user namespace > can't change in between by someone idmapping a mount that is currently > not idmapped. If the initial user namespace is passed nothing changes so > non-idmapped mounts will see identical behavior as before. Looks good, Reviewed-by: Christoph Hellwig <hch@xxxxxx>
