On Tue, Jan 12, 2021 at 11:00:52PM +0100, Christian Brauner wrote:
> In order to determine whether a caller holds privilege over a given
> inode the capability framework exposes the two helpers
> privileged_wrt_inode_uidgid() and capable_wrt_inode_uidgid(). The former
> verifies that the inode has a mapping in the caller's user namespace and
> the latter additionally verifies that the caller has the requested
> capability in their current user namespace.
> If the inode is accessed through an idmapped mount we simply need to map
> it according to the mount's user namespace. Afterwards the checks are
> identical to non-idmapped inodes. If the initial user namespace is
> passed all operations are a nop so non-idmapped mounts will not see a
> change in behavior and will also not see any performance impact.

This adds a bunch of pointless > 80 char lines, that would be nice to fix
up.

Otherwise looks good:

Reviewed-by: Christoph Hellwig <hch@xxxxxx>
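
The two-step check described in the quoted commit message, as an added example that is not code from the patch or from the kernel: a simplified userspace model in which each namespace has a single ID-map extent. `struct userns`, `has_cap`, `map_down()`, `map_up()` and the `model_*` functions are hypothetical names, and the namespaces are constructed sample values.

```c
#include <stdbool.h>
#include <stdint.h>

#define INVALID_ID ((uint32_t)-1)

/* One ID-map extent: IDs [first, first+count) inside the namespace
 * correspond to kernel IDs [lower_first, lower_first+count). */
struct userns { uint32_t first, lower_first, count; bool has_cap; };

/* Namespace-local ID -> kernel ID (the direction make_kuid() maps). */
static uint32_t map_down(const struct userns *ns, uint32_t id)
{
    if (id >= ns->first && id - ns->first < ns->count)
        return ns->lower_first + (id - ns->first);
    return INVALID_ID;
}

/* Kernel ID -> namespace-local ID (the direction from_kuid() maps). */
static uint32_t map_up(const struct userns *ns, uint32_t kid)
{
    if (kid >= ns->lower_first && kid - ns->lower_first < ns->count)
        return ns->first + (kid - ns->lower_first);
    return INVALID_ID;
}

/* Step 1: remap the inode's owner according to the mount's namespace.
 * Step 2: require that the result has a mapping in the caller's namespace. */
static bool model_privileged_wrt_inode(const struct userns *caller,
                                       const struct userns *mnt,
                                       uint32_t i_uid, uint32_t i_gid)
{
    return map_up(caller, map_down(mnt, i_uid)) != INVALID_ID &&
           map_up(caller, map_down(mnt, i_gid)) != INVALID_ID;
}

/* Adds the capability test (modelled as a flag) to the mapping test. */
static bool model_capable_wrt_inode(const struct userns *caller,
                                    const struct userns *mnt,
                                    uint32_t i_uid, uint32_t i_gid)
{
    return caller->has_cap &&
           model_privileged_wrt_inode(caller, mnt, i_uid, i_gid);
}

/* Constructed samples: identity-mapped initial ns and a container ns. */
static const struct userns init_ns   = { 0, 0, UINT32_MAX, true };
static const struct userns container = { 0, 100000, 65536, true };

int main(void)
{
    return model_capable_wrt_inode(&container, &container, 1000, 1000) ? 0 : 1;
}
```

With `init_ns` as the mount namespace the remap step is the identity, which is the "nop" case the commit message refers to for non-idmapped mounts.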