On Thu, 21 Jan 2021, Christian Brauner wrote:

> The inode_owner_or_capable() helper determines whether the caller is the
> owner of the inode or is capable with respect to that inode. Allow it to
> handle idmapped mounts. If the inode is accessed through an idmapped
> mount it according to the mount's user namespace. Afterwards the checks
> are identical to non-idmapped mounts. If the initial user namespace is
> passed nothing changes so non-idmapped mounts will see identical
> behavior as before.
>
> Similarly, allow the inode_init_owner() helper to handle idmapped
> mounts. It initializes a new inode on idmapped mounts by mapping the
> fsuid and fsgid of the caller from the mount's user namespace. If the
> initial user namespace is passed nothing changes so non-idmapped mounts
> will see identical behavior as before.
>
> Link: https://lore.kernel.org/r/20210112220124.837960-13-christian.brauner@xxxxxxxxxx
> Cc: Christoph Hellwig <hch@xxxxxx>
> Cc: David Howells <dhowells@xxxxxxxxxx>
> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Cc: linux-fsdevel@xxxxxxxxxxxxxxx
> Reviewed-by: Christoph Hellwig <hch@xxxxxx>
> Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx>

Reviewed-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>

--
James Morris <jmorris@xxxxxxxxx>
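
The two mappings described in the quoted commit message, as an added userspace model in C. It is not code from the patch or from the kernel. The struct layout, the function names, the boolean standing in for a CAP_FOWNER check, and the sample mapping `0 100000 65536` are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define INVALID_ID UINT32_MAX
/* Identity map, standing in for the initial user namespace. */
#define INIT_NS_MAP { 0, 0, UINT32_MAX }

/* One extent of a user namespace ID map (same columns as /proc/<pid>/uid_map). */
struct idmap { uint32_t ns_first, kernel_first, count; };

/* ID as seen inside the namespace -> kernel ID; INVALID_ID if unmapped. */
static uint32_t ns_to_kernel(const struct idmap *m, uint32_t id) {
    if (id == INVALID_ID || id < m->ns_first || id - m->ns_first >= m->count)
        return INVALID_ID;
    return m->kernel_first + (id - m->ns_first);
}

/* Kernel ID -> ID as seen inside the namespace; INVALID_ID if unmapped. */
static uint32_t kernel_to_ns(const struct idmap *m, uint32_t id) {
    if (id == INVALID_ID || id < m->kernel_first || id - m->kernel_first >= m->count)
        return INVALID_ID;
    return m->ns_first + (id - m->kernel_first);
}

/* Hypothetical caller: fsuid, its own user namespace, CAP_FOWNER held there or not. */
struct caller { uint32_t fsuid; struct idmap userns; bool cap_fowner; };

/* Ownership check: map the inode's uid through the mount, then check as usual. */
static bool owner_or_capable(const struct idmap *mnt, const struct caller *c, uint32_t i_uid) {
    uint32_t mapped = ns_to_kernel(mnt, i_uid);
    if (mapped != INVALID_ID && mapped == c->fsuid)
        return true;
    /* The capability counts only if the mapped owner exists in the caller's namespace. */
    return c->cap_fowner && kernel_to_ns(&c->userns, mapped) != INVALID_ID;
}

/* New inode: the uid stored for a file the caller creates through this mount. */
static uint32_t init_owner_uid(const struct idmap *mnt, const struct caller *c) {
    return kernel_to_ns(mnt, c->fsuid);
}

int main(void) {
    const struct idmap mnt = { 0, 100000, 65536 };   /* constructed sample mapping */
    const struct caller c = { 100000, INIT_NS_MAP, false };
    printf("owner=%d new_uid=%u\n", owner_or_capable(&mnt, &c, 0),
           (unsigned)init_owner_uid(&mnt, &c));
    return 0;
}
```

With the identity map passed as the mount's namespace, both functions reduce to the plain comparison and the plain fsuid, which is the "nothing changes" case the commit message describes.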