On Thu, 21 Jan 2021, Christian Brauner wrote:

> The two helpers inode_permission() and generic_permission() are used by
> the vfs to perform basic permission checking by verifying that the
> caller is privileged over an inode. In order to handle idmapped mounts
> we extend the two helpers with an additional user namespace argument.
> On idmapped mounts the two helpers will make sure to map the inode
> according to the mount's user namespace and then perform identical
> permission checks to inode_permission() and generic_permission(). If the
> initial user namespace is passed nothing changes so non-idmapped mounts
> will see identical behavior as before.
>
> Link: https://lore.kernel.org/r/20210112220124.837960-12-christian.brauner@xxxxxxxxxx
> Cc: Christoph Hellwig <hch@xxxxxx>
> Cc: David Howells <dhowells@xxxxxxxxxx>
> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Cc: linux-fsdevel@xxxxxxxxxxxxxxx
> Reviewed-by: Christoph Hellwig <hch@xxxxxx>
> Acked-by: Serge Hallyn <serge@xxxxxxxxxx>
> Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx>

Reviewed-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>

--
James Morris
<jmorris@xxxxxxxxx>
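
Added example, not part of the thread or the patch: a userspace model of the behaviour the commit message describes, where the inode's owner is mapped through the mount's user namespace before the usual owner/group/other check, and the initial namespace leaves the result unchanged. All type and function names are hypothetical, the mapping table uses the uid_map extent layout as an assumption, and one table stands in for both the uid and gid maps.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAY_WRITE  2
#define MAY_READ   4
#define INVALID_ID ((uint32_t)-1)

/* One mapping extent, laid out like a line of /proc/<pid>/uid_map. */
struct id_extent { uint32_t first, lower_first, count; };
/* Hypothetical stand-in for a user namespace; one table serves uid and gid. */
struct userns_model { bool initial; const struct id_extent *ext; size_t n; };
struct inode_model { uint32_t uid, gid; unsigned mode; };

/* Constructed sample data: id 1000 on disk appears as 2000 through the mount. */
const struct id_extent sample_map[] = { { 1000, 2000, 1 } };
const struct userns_model init_ns = { true, NULL, 0 };
const struct userns_model idmapped = { false, sample_map, 1 };
const struct inode_model sample_inode = { 1000, 1000, 0600 };

/* Map an inode id through the mount's namespace; the initial ns is identity. */
uint32_t map_into_mnt(const struct userns_model *ns, uint32_t id)
{
    if (ns->initial)
        return id;
    for (size_t i = 0; i < ns->n; i++)
        if (id >= ns->ext[i].first && id - ns->ext[i].first < ns->ext[i].count)
            return ns->ext[i].lower_first + (id - ns->ext[i].first);
    return INVALID_ID; /* unmapped ids never match a caller */
}

/* Owner/group/other check only: no capabilities, ACLs or supplementary groups. */
int permission_model(const struct userns_model *mnt_ns,
                     const struct inode_model *inode,
                     uint32_t fsuid, uint32_t fsgid, int mask)
{
    uint32_t uid = map_into_mnt(mnt_ns, inode->uid);
    uint32_t gid = map_into_mnt(mnt_ns, inode->gid);
    unsigned mode = inode->mode;

    if (uid != INVALID_ID && uid == fsuid)
        mode >>= 6; /* caller owns the mapped inode: use owner bits */
    else if (gid != INVALID_ID && gid == fsgid)
        mode >>= 3; /* caller's group matches: use group bits */
    return (mask & ~mode & 7) == 0 ? 0 : -13; /* -13 is -EACCES */
}
```

With the sample data, a caller with fsuid 2000 is treated as the owner only when the check goes through the idmapped mount; the same inode checked against the initial namespace falls back to the "other" bits.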