Merge tag 'driver-core-5.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...

[linux-2.6-microblaze.git] / security / apparmor / lsm.c

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 1b0aba8..240a533 100644 (file)
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -224,8 +224,10 @@ static int common_perm(const char *op, const struct path *path, u32 mask,
  */
 static int common_perm_cond(const char *op, const struct path *path, u32 mask)
 {
-       struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
-                                 d_backing_inode(path->dentry)->i_mode
+       struct user_namespace *mnt_userns = mnt_user_ns(path->mnt);
+       struct path_cond cond = {
+               i_uid_into_mnt(mnt_userns, d_backing_inode(path->dentry)),
+               d_backing_inode(path->dentry)->i_mode
        };
 
        if (!path_mediated_fs(path->dentry))
@@ -266,12 +268,13 @@ static int common_perm_rm(const char *op, const struct path *dir,
                          struct dentry *dentry, u32 mask)
 {
        struct inode *inode = d_backing_inode(dentry);
+       struct user_namespace *mnt_userns = mnt_user_ns(dir->mnt);
        struct path_cond cond = { };
 
        if (!inode || !path_mediated_fs(dentry))
                return 0;
 
-       cond.uid = inode->i_uid;
+       cond.uid = i_uid_into_mnt(mnt_userns, inode);
        cond.mode = inode->i_mode;
 
        return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
@@ -361,12 +364,14 @@ static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_d
 
        label = begin_current_label_crit_section();
        if (!unconfined(label)) {
+               struct user_namespace *mnt_userns = mnt_user_ns(old_dir->mnt);
                struct path old_path = { .mnt = old_dir->mnt,
                                         .dentry = old_dentry };
                struct path new_path = { .mnt = new_dir->mnt,
                                         .dentry = new_dentry };
-               struct path_cond cond = { d_backing_inode(old_dentry)->i_uid,
-                                         d_backing_inode(old_dentry)->i_mode
+               struct path_cond cond = {
+                       i_uid_into_mnt(mnt_userns, d_backing_inode(old_dentry)),
+                       d_backing_inode(old_dentry)->i_mode
                };
 
                error = aa_path_perm(OP_RENAME_SRC, label, &old_path, 0,
@@ -420,8 +425,12 @@ static int apparmor_file_open(struct file *file)
 
        label = aa_get_newest_cred_label(file->f_cred);
        if (!unconfined(label)) {
+               struct user_namespace *mnt_userns = file_mnt_user_ns(file);
                struct inode *inode = file_inode(file);
-               struct path_cond cond = { inode->i_uid, inode->i_mode };
+               struct path_cond cond = {
+                       i_uid_into_mnt(mnt_userns, inode),
+                       inode->i_mode
+               };
 
                error = aa_path_perm(OP_OPEN, label, &file->f_path, 0,
                                     aa_map_file_to_perms(file), &cond);