On Sun, Nov 01, 2020 at 02:48:09PM +0000, Christoph Hellwig wrote: > > /** > > * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped > > * @inode: The inode in question > > @@ -501,9 +513,7 @@ bool privileged_wrt_inode_uidgid(struct user_namespace > > *ns, const struct inode * > > */ > > bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) > > { > > + return capable_wrt_mapped_inode_uidgid(&init_user_ns, inode, cap); > > } > > EXPORT_SYMBOL(capable_wrt_inode_uidgid); > > Please avoid these silly wrappers and just switch all callers to pass > the namespaces instead of creating boilerplate code. Same for the other > functions where you do this even even worse the method calls.
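Review bot: in capable_wrt_inode_uidgid(), the body hardcodes &init_user_ns in the call to capable_wrt_mapped_inode_uidgid(), so a caller that stays on the old name gives no signal at the call site that it has not been converted to pass a namespace. For a capability check, that is easy to miss in review. Either drop the wrapper so that every call site has to name the user namespace explicitly, or have the kernel-doc comment above it state that the check is always made against init_user_ns; the visible comment documents only @inode.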
Christoph,

Thanks for the review! Ok, so I'll switch:
- all helpers to take an additional argument (capable_wrt_inode_uidgid()/inode_permission()/vfs_*() etc.)
- all inode method calls to take an additional argument (I assume that's what you're referring to: ->create()/->mknod()/->mkdir() etc.)

I've always assumed that this is what we'd be doing in the end anyway (I've mentioned it in the commit message for the inode_operations methods. This will be a bit of work but we can get that done!)

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit