tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'fs.vfsuid.ima.v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping

Pull vfsuid cleanup from Christian Brauner:
"This moves the ima specific vfs{g,u}id_t comparison helpers out of the
header and into the one file in ima where they are used.

We shouldn't incentivize people to use them by placing them into the
header. As discussed and suggested by Linus in [1] let's just define
them locally in the one file in ima where they are used"

Link: https://lore.kernel.org/lkml/CAHk-=wj4BpEwUd=OkTv1F9uykvSrsBNZJVHMp+p_+e2kiV71_A@mail.gmail.com [1]

* tag 'fs.vfsuid.ima.v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping:
mnt_idmapping: move ima-only helpers to ima

Linus Torvalds 878cf96f 222882c2

+24 -20
-20
include/linux/mnt_idmapping.h
··· 96 96 return vfsgid_valid(vfsgid) && __vfsgid_val(vfsgid) == __kgid_val(kgid); 97 97 } 98 98 99 - static inline bool vfsuid_gt_kuid(vfsuid_t vfsuid, kuid_t kuid) 100 - { 101 - return __vfsuid_val(vfsuid) > __kuid_val(kuid); 102 - } 103 - 104 - static inline bool vfsgid_gt_kgid(vfsgid_t vfsgid, kgid_t kgid) 105 - { 106 - return __vfsgid_val(vfsgid) > __kgid_val(kgid); 107 - } 108 - 109 - static inline bool vfsuid_lt_kuid(vfsuid_t vfsuid, kuid_t kuid) 110 - { 111 - return __vfsuid_val(vfsuid) < __kuid_val(kuid); 112 - } 113 - 114 - static inline bool vfsgid_lt_kgid(vfsgid_t vfsgid, kgid_t kgid) 115 - { 116 - return __vfsgid_val(vfsgid) < __kgid_val(kgid); 117 - } 118 - 119 99 /* 120 100 * vfs{g,u}ids are created from k{g,u}ids. 121 101 * We don't allow them to be created from regular {u,g}id.
+24
security/integrity/ima/ima_policy.c
··· 71 71 char *items[]; 72 72 }; 73 73 74 + /* 75 + * These comparators are needed nowhere outside of ima so just define them here. 76 + * This pattern should hopefully never be needed outside of ima. 77 + */ 78 + static inline bool vfsuid_gt_kuid(vfsuid_t vfsuid, kuid_t kuid) 79 + { 80 + return __vfsuid_val(vfsuid) > __kuid_val(kuid); 81 + } 82 + 83 + static inline bool vfsgid_gt_kgid(vfsgid_t vfsgid, kgid_t kgid) 84 + { 85 + return __vfsgid_val(vfsgid) > __kgid_val(kgid); 86 + } 87 + 88 + static inline bool vfsuid_lt_kuid(vfsuid_t vfsuid, kuid_t kuid) 89 + { 90 + return __vfsuid_val(vfsuid) < __kuid_val(kuid); 91 + } 92 + 93 + static inline bool vfsgid_lt_kgid(vfsgid_t vfsgid, kgid_t kgid) 94 + { 95 + return __vfsgid_val(vfsgid) < __kgid_val(kgid); 96 + } 97 + 74 98 struct ima_rule_entry { 75 99 struct list_head list; 76 100 int action;