On Thu, 21 Jan 2021, Christian Brauner wrote:

> In order to determine whether a caller holds privilege over a given
> inode the capability framework exposes the two helpers
> privileged_wrt_inode_uidgid() and capable_wrt_inode_uidgid(). The former
> verifies that the inode has a mapping in the caller's user namespace and
> the latter additionally verifies that the caller has the requested
> capability in their current user namespace.
> If the inode is accessed through an idmapped mount map it into the
> mount's user namespace. Afterwards the checks are identical to
> non-idmapped inodes. If the initial user namespace is passed all
> operations are a nop so non-idmapped mounts will not see a change in
> behavior.
>
> Link: https://lore.kernel.org/r/20210112220124.837960-11-christian.brauner@xxxxxxxxxx
> Cc: Christoph Hellwig <hch@xxxxxx>
> Cc: David Howells <dhowells@xxxxxxxxxx>
> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Cc: linux-fsdevel@xxxxxxxxxxxxxxx
> Reviewed-by: Christoph Hellwig <hch@xxxxxx>
> Acked-by: Serge Hallyn <serge@xxxxxxxxxx>
> Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx>

Reviewed-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>

-- 
James Morris
<jmorris@xxxxxxxxx>
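
The check described in the quoted commit message, as a user-space model added here for illustration; it is not code from the patch or from the kernel. The struct names, the `model_*` and `map_up`/`has_mapping` helpers, the single-extent ID map and the sample ID ranges are all assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define INVALID_ID UINT32_MAX

/* Namespace IDs [ns_first, ns_first + count) map to kernel_first onward. */
struct userns { uint32_t ns_first, kernel_first, count; };
struct owner  { uint32_t uid, gid; };   /* inode owner as stored */

static const struct userns init_ns      = { 0, 0, UINT32_MAX }; /* identity */
static const struct userns container_ns = { 0, 100000, 65536 }; /* constructed */

/* Namespace ID -> kernel ID, INVALID_ID when the ID is outside the extent. */
static uint32_t map_up(const struct userns *ns, uint32_t id)
{
    if (id < ns->ns_first || id - ns->ns_first >= ns->count)
        return INVALID_ID;
    return ns->kernel_first + (id - ns->ns_first);
}

/* True when a kernel ID has a mapping inside the namespace. */
static bool has_mapping(const struct userns *ns, uint32_t kid)
{
    return kid != INVALID_ID && kid >= ns->kernel_first &&
           kid - ns->kernel_first < ns->count;
}

/* Model: owner mapped through the mount's ns must map in the caller's ns. */
static bool model_privileged(const struct userns *caller_ns,
                             const struct userns *mnt_ns, struct owner o)
{
    return has_mapping(caller_ns, map_up(mnt_ns, o.uid)) &&
           has_mapping(caller_ns, map_up(mnt_ns, o.gid));
}

/* has_cap stands in for the caller holding the requested capability. */
static bool model_capable(const struct userns *caller_ns, bool has_cap,
                          const struct userns *mnt_ns, struct owner o)
{
    return has_cap && model_privileged(caller_ns, mnt_ns, o);
}

int main(void)
{
    struct owner o = { 1000, 1000 };    /* constructed sample inode owner */
    printf("plain mount: %d, idmapped mount: %d\n",
           model_capable(&container_ns, true, &init_ns, o),
           model_capable(&container_ns, true, &container_ns, o));
}
```

With `init_ns` as the mount namespace the translation is the identity, so the outcome depends only on the caller's own mapping, matching the "nop" case in the commit message.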