[GIT PULL] vfsuid updates for v6.2
From: Christian Brauner
Date: Mon Dec 12 2022 - 07:35:24 EST
Hey Linus,
/* Summary */
Last cycle we introduced the vfs{g,u}id_t types and associated helpers to gain
type safety when dealing with idmapped mounts. That initial pull request back
then already converted a lot of places over but there were still some left.
This pull request converts all remaining places that still make use of non-type
safe idmapping helpers to rely on the new type safe vfs{g,u}id based helpers.
Afterwards it removes all the old non-type safe helpers.
Note that this pull request has the setgid inheritance branch merged in as the
setgid inheritance branch unifies multiple open-coded checks into a single
helper making the conversion here easier. I've sent a pull request for that
work earlier so it's on the list and in your inbox before this one. The lore
url is:
https://lore.kernel.org/lkml/20221212112053.99208-1-brauner@xxxxxxxxxx
In case you don't want to pull "setgid inheritance updates for v6.2" but still
would like to pull the remaining vfs{g,u}id_t conversions (That would be
greatly appreciated as it gets rid of duplicated functionality between the
different helpers.) I prepared the tag
fs.vfsuid.conversion.standalone.v6.2
This tag only contains all the vfs{g,u}id_t patches without any of the "setgid
inheritance updates for v6.2" patches.
ssh://git@xxxxxxxxxxxxxxxxxxx/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.vfsuid.conversion.standalone.v6.2
/* Testing */
clang: Ubuntu clang version 15.0.2-1
gcc: gcc (Ubuntu 12.2.0-3ubuntu1) 12.2.0
All patches are based on v6.1-rc1 and have been sitting in linux-next. No build
failures or warnings were observed. The vfsuid conversion portion passes all
old and new tests in fstests, selftests, and LTP without regressions.
/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current
mainline.
The following changes since commit 9abf2313adc1ca1b6180c508c25f22f9395cc780:
Linux 6.1-rc1 (2022-10-16 15:36:24 -0700)
are available in the Git repository at:
ssh://git@xxxxxxxxxxxxxxxxxxx/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.vfsuid.conversion.v6.2
__Alternatively__, a standalone version without the setgid patches merged in
can be found at:
ssh://git@xxxxxxxxxxxxxxxxxxx/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.vfsuid.conversion.standalone.v6.2
for you to fetch changes up to eb7718cdb73c6b0c93002f8f73f4dd4701f8d2bb:
fs: remove unused idmapping helpers (2022-10-26 10:03:34 +0200)
Please consider pulling these changes from the signed fs.vfsuid.conversion.v6.2
or fs.vfsuid.conversion.standalone.v6.2 tag.
Thanks!
Christian
----------------------------------------------------------------
fs.vfsuid.conversion.v6.2
----------------------------------------------------------------
Amir Goldstein (2):
      ovl: remove privs in ovl_copyfile()
      ovl: remove privs in ovl_fallocate()

Christian Brauner (12):
      attr: add in_group_or_capable()
      fs: move should_remove_suid()
      attr: add setattr_should_drop_sgid()
      attr: use consistent sgid stripping checks
      mnt_idmapping: add missing helpers
      fs: use type safe idmapping helpers
      caps: use type safe idmapping helpers
      apparmor: use type safe idmapping helpers
      ima: use type safe idmapping helpers
      fuse: port to vfs{g,u}id_t and associated helpers
      ovl: port to vfs{g,u}id_t and associated helpers
      fs: remove unused idmapping helpers

Documentation/trace/ftrace.rst | 2 +-
fs/attr.c | 74 +++++++++++++++++++++++---
fs/coredump.c | 4 +-
fs/exec.c | 16 +++---
fs/fuse/acl.c | 2 +-
fs/fuse/file.c | 2 +-
fs/inode.c | 72 ++++++++++++--------------
fs/internal.h | 10 +++-
fs/namei.c | 40 +++++++--------
fs/ocfs2/file.c | 4 +-
fs/open.c | 8 +--
fs/overlayfs/file.c | 28 ++++++++--
fs/overlayfs/util.c | 9 +++-
fs/remap_range.c | 2 +-
fs/stat.c | 7 ++-
include/linux/fs.h | 36 +------------
include/linux/mnt_idmapping.h | 100 ++++++++++++------------------------
kernel/capability.c | 4 +-
security/apparmor/domain.c | 8 +--
security/apparmor/file.c | 4 +-
security/apparmor/lsm.c | 25 ++++++---
security/commoncap.c | 51 +++++++++---------
security/integrity/ima/ima_policy.c | 34 ++++++------
23 files changed, 289 insertions(+), 253 deletions(-)