On Thu, 21 Jan 2021, Christian Brauner wrote:

> For core file operations such as changing directories or chrooting,
> determining file access, changing mode or ownership the vfs will verify
> that the caller is privileged over the inode. Extend the various helpers
> to handle idmapped mounts. If the inode is accessed through an idmapped
> mount map it into the mount's user namespace. Afterwards the permissions
> checks are identical to non-idmapped mounts. When changing file
> ownership we need to map the uid and gid from the mount's user
> namespace. If the initial user namespace is passed nothing changes so
> non-idmapped mounts will see identical behavior as before.
>
> Link: https://lore.kernel.org/r/20210112220124.837960-24-christian.brauner@xxxxxxxxxx
> Cc: Christoph Hellwig <hch@xxxxxx>
> Cc: David Howells <dhowells@xxxxxxxxxx>
> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Cc: linux-fsdevel@xxxxxxxxxxxxxxx
> Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx>

Reviewed-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>

-- 
James Morris <jmorris@xxxxxxxxx>
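
The mapping step described in the quoted commit message, as an added example that is not part of the original thread or of the kernel patch: a simplified userspace model of translating an inode's uid through a mount's ID mapping before the usual owner comparison. The type and function names (`struct userns`, `map_down`, `map_up`, `caller_owns`) and the sample mapping are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define INVALID_ID UINT32_MAX

/* One extent of an ID mapping, same shape as a /proc/<pid>/uid_map line. */
struct extent { uint32_t first, lower_first, count; };
/* Simplified model (assumption): n == 0 stands for the initial namespace. */
struct userns { const struct extent *ext; size_t n; };

/* Translate an ID inside ns to the underlying ID; identity for the initial ns. */
static uint32_t map_down(const struct userns *ns, uint32_t id)
{
    if (ns->n == 0)
        return id;
    for (size_t i = 0; i < ns->n; i++)
        if (id >= ns->ext[i].first && id - ns->ext[i].first < ns->ext[i].count)
            return ns->ext[i].lower_first + (id - ns->ext[i].first);
    return INVALID_ID; /* no mapping: must never match any caller */
}

/* Inverse translation, applied to the uid a caller passes when changing ownership. */
static uint32_t map_up(const struct userns *ns, uint32_t id)
{
    const struct extent *e = ns->ext;
    if (ns->n == 0)
        return id;
    for (size_t i = 0; i < ns->n; i++, e++)
        if (id >= e->lower_first && id - e->lower_first < e->count)
            return e->first + (id - e->lower_first);
    return INVALID_ID; /* caller's uid has no representation on this mount */
}

/* Map the inode's uid into the mount's namespace, then compare as on any mount. */
static bool caller_owns(const struct userns *mnt, uint32_t i_uid, uint32_t fsuid)
{
    uint32_t uid = map_down(mnt, i_uid);
    return uid != INVALID_ID && uid == fsuid;
}

/* Constructed sample: the mount maps on-disk IDs 0..65535 to 100000..165535. */
static const struct extent sample_ext[] = { { 0, 100000, 65536 } };
static const struct userns idmapped = { sample_ext, 1 };
static const struct userns initial = { NULL, 0 };

int main(void)
{   /* Exit 0 when the idmapped and plain mounts behave as the message describes. */
    return caller_owns(&idmapped, 0, 100000) && !caller_owns(&initial, 0, 100000)
           && map_up(&idmapped, 101000) == 1000 ? 0 : 1;
}
```

An ID with no mapping resolves to `INVALID_ID` and is treated as matching no caller, so an unmapped owner never satisfies the ownership check.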