Hi Eric,
Today's linux-next merge of the userns tree got a conflict in
security/integrity/ima/ima_policy.c between commit 07f6a79415d7 ("ima:
add appraise action keywords and default rules") from the security tree
and commit 8b94eea4bfb8 ("userns: Add user namespace support to IMA") from
the userns tree.I fixed it up (see below) but it probably needs more and can carry the fix as necessary (no action is required). -- Cheers, Stephen Rothwell [email protected]
diff --cc security/integrity/ima/ima_policy.c
index cda9031,c84df05..0000000
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@@ -45,8 -39,7 +45,8 @@@ struct ima_rule_entry
enum ima_hooks func;
int mask;
unsigned long fsmagic;
- uid_t uid;
+ kuid_t uid;
+ uid_t fowner;
struct {
void *rule; /* LSM file metadata specific */
int type; /* audit type */
@@@ -141,10 -112,8 +141,10 @@@ static bool ima_match_rules(struct ima_
if ((rule->flags & IMA_FSMAGIC) && rule->fsmagic != inode->i_sb->s_magic)
return false;
- if ((rule->flags & IMA_UID) && rule->uid != cred->uid)
+ if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid))
return false;
+ if ((rule->flags & IMA_FOWNER) && rule->fowner != inode->i_uid)
+ return false;
for (i = 0; i < MAX_LSM_RULES; i++) {
int rc = 0;
u32 osid, sid;
@@@ -336,8 -277,7 +336,8 @@@ static int ima_parse_rule(char *rule, s
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE);
- entry->uid = -1;
+ entry->uid = INVALID_UID;
+ entry->fowner = -1;
entry->action = UNKNOWN;
while ((p = strsep(&rule, " \t")) != NULL) {
substring_t args[MAX_OPT_ARGS];
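Review bot: The resolution converts `uid` to `kuid_t` but leaves the new `fowner` field as a raw `uid_t`, so the owner match in the second hunk, `rule->fowner != inode->i_uid`, compares a raw id against the inode owner without the namespace-aware helper that the `uid` check now uses; if `inode->i_uid` is a `kuid_t` in the userns tree (not visible here), the comparison would also fail to build under strict uid type checking. Because this test decides whether an IMA rule applies to a file, it should mirror the uid handling: `kuid_t fowner;` in the first hunk, `!uid_eq(rule->fowner, inode->i_uid)` in the second, and `entry->fowner = INVALID_UID;` in the third. The code in ima_parse_rule() that stores the parsed fowner value lies outside these hunks and would presumably need the matching conversion (for example through make_kuid() followed by a validity check). All three hunks cut through their enclosing definitions, so this is based only on the lines shown.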

