Hi Eric, Today's linux-next merge of the userns tree got a conflict in security/integrity/ima/ima_policy.c between commit 07f6a79415d7 ("ima: add appraise action keywords and default rules") from the security tree and commit 8b94eea4bfb8 ("userns: Add user namespace support to IMA") from the userns tree. I fixed it up (see below) but it probably needs more and can carry the fix as necessary (no action is required). -- Cheers, Stephen Rothwell sfr@xxxxxxxxxxxxxxxx diff --cc security/integrity/ima/ima_policy.c index cda9031,c84df05..0000000 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@@ -45,8 -39,7 +45,8 @@@ struct ima_rule_entry enum ima_hooks func; int mask; unsigned long fsmagic; - uid_t uid; + kuid_t uid; + uid_t fowner; struct { void *rule; /* LSM file metadata specific */ int type; /* audit type */ @@@ -141,10 -112,8 +141,10 @@@ static bool ima_match_rules(struct ima_ if ((rule->flags & IMA_FSMAGIC) && rule->fsmagic != inode->i_sb->s_magic) return false; - if ((rule->flags & IMA_UID) && rule->uid != cred->uid) + if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid)) return false; + if ((rule->flags & IMA_FOWNER) && rule->fowner != inode->i_uid) + return false; for (i = 0; i < MAX_LSM_RULES; i++) { int rc = 0; u32 osid, sid; @@@ -336,8 -277,7 +336,8 @@@ static int ima_parse_rule(char *rule, s ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE); - entry->uid = -1; + entry->uid = INVALID_UID; + entry->fowner = -1; entry->action = UNKNOWN; while ((p = strsep(&rule, " \t")) != NULL) { substring_t args[MAX_OPT_ARGS];
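Review bot: The merge resolution converts only the `uid` rule field to the namespace-aware type and leaves the security tree's new `fowner` field as a raw `uid_t`, so in the first hunk `uid_t fowner;` is inconsistent with `kuid_t uid;` beside it. The same gap shows in the other two hunks: `ima_match_rules` tests `rule->fowner != inode->i_uid` with a plain operator while the `uid` test uses `uid_eq()`, and `ima_parse_rule` sets `entry->fowner = -1` next to `entry->uid = INVALID_UID`. If `inode->i_uid` is a `kuid_t` in the merged tree (its declaration is not visible here), the raw comparison either fails to build under strict uid type checking or compares a file-owner rule against a value from a different id space, which matters because these rules select the files IMA measures or appraises. Suggested resolution: `kuid_t fowner;`, `if ((rule->flags & IMA_FOWNER) && !uid_eq(rule->fowner, inode->i_uid))`, and `entry->fowner = INVALID_UID;`. Both functions extend beyond the hunks shown, and the code that parses the `fowner` option value is not visible; it would presumably need the same mapping the `uid` option received.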