Re: [PATCH v4 11/16] securityfs: Only use simple_pin_fs/simple_release_fs for init_user_ns
From: Christian Brauner <hidden>
Date: 2021-12-08 12:47:01
Also in:
linux-integrity, lkml
On Tue, Dec 07, 2021 at 03:21:22PM -0500, Stefan Berger wrote:
quoted hunk ↗ jump to hunk
To prepare for virtualization of SecurityFS, use simple_pin_fs and simpe_release_fs only when init_user_ns is active. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> --- security/inode.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-)diff --git a/security/inode.c b/security/inode.c index 6c326939750d..1a720b2c566d 100644 --- a/security/inode.c +++ b/security/inode.c@@ -21,9 +21,10 @@ #include <linux/security.h> #include <linux/lsm_hooks.h> #include <linux/magic.h> +#include <linux/user_namespace.h> -static struct vfsmount *mount; -static int mount_count; +static struct vfsmount *securityfs_mount; +static int securityfs_mount_count;
Maybe better: static struct vfsmount *init_securityfs_mount; static int init_securityfs_mount_count; gets a bit long but gets the meaning across better plus it's a global so not really an issue imho if it's long. Otherwise, looks good. Acked-by: Christian Brauner <redacted>