On Mon, Aug 1, 2022 at 7:00 PM Alexei Starovoitov
[off-list ref] wrote:

On Mon, Aug 01, 2022 at 01:01:44PM -0500, Frederick Lawler wrote:

quoted

Users may want to audit calls to security_create_user_ns() and access
user space memory. Also create_user_ns() runs without
pagefault_disabled(). Therefore, make bpf_lsm_userns_create() sleepable
for mandatory access control policies.

Signed-off-by: Frederick Lawler <redacted>
Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org>

We can take this set through bpf-next tree if it's easier.

Thanks Alexei, but I'm currently planning to merge it into the LSM
next branch once the merge window closes.

Or if it goes through other trees:
Acked-by: Alexei Starovoitov <ast@kernel.org>

I appreciate the review/ACK, would you mind reviewing the tests too (patch 3/4)?

-- 
paul-moore.com