linux-next: manual merge of the userns tree with the security tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Eric,

Today's linux-next merge of the userns tree got a conflict in
security/integrity/ima/ima_policy.c between commit 07f6a79415d7 ("ima:
add appraise action keywords and default rules") from the security tree
and commit 8b94eea4bfb8 ("userns: Add user namespace support to IMA") from
the userns tree.

I fixed it up (see below) but it probably needs more and can carry the
fix as necessary (no action is required).

-- 
Cheers,
Stephen Rothwell                    sfr@xxxxxxxxxxxxxxxx

diff --cc security/integrity/ima/ima_policy.c
index cda9031,c84df05..0000000
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@@ -45,8 -39,7 +45,8 @@@ struct ima_rule_entry 
  	enum ima_hooks func;
  	int mask;
  	unsigned long fsmagic;
- 	uid_t uid;
+ 	kuid_t uid;
 +	uid_t fowner;
  	struct {
  		void *rule;	/* LSM file metadata specific */
  		int type;	/* audit type */
@@@ -141,10 -112,8 +141,10 @@@ static bool ima_match_rules(struct ima_
  	if ((rule->flags & IMA_FSMAGIC)
  	    && rule->fsmagic != inode->i_sb->s_magic)
  		return false;
- 	if ((rule->flags & IMA_UID) && rule->uid != cred->uid)
+ 	if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid))
  		return false;
 +	if ((rule->flags & IMA_FOWNER) && rule->fowner != inode->i_uid)
 +		return false;
  	for (i = 0; i < MAX_LSM_RULES; i++) {
  		int rc = 0;
  		u32 osid, sid;
@@@ -336,8 -277,7 +336,8 @@@ static int ima_parse_rule(char *rule, s
  
  	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE);
  
- 	entry->uid = -1;
+ 	entry->uid = INVALID_UID;
 +	entry->fowner = -1;
  	entry->action = UNKNOWN;
  	while ((p = strsep(&rule, " \t")) != NULL) {
  		substring_t args[MAX_OPT_ARGS];

Attachment: pgpEgML3MfoGK.pgp
Description: PGP signature


[Index of Archives]     [Linux Kernel]     [Linux USB Development]     [Yosemite News]     [Linux SCSI]

  Powered by Linux