Re: [PATCH 07/34] capability: handle idmapped mounts
On Sun, Nov 01, 2020 at 02:48:09PM +0000, Christoph Hellwig wrote:
> /**
> * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped
> * @inode: The inode in question
> @@ -501,9 +513,7 @@ bool privileged_wrt_inode_uidgid(struct user_namespace *ns,
const struct inode *
> */
> bool capable_wrt_inode_uidgid(const struct inode *inode, int cap)
> {
> + return capable_wrt_mapped_inode_uidgid(&init_user_ns, inode, cap);
> }
> EXPORT_SYMBOL(capable_wrt_inode_uidgid);
Please avoid these silly wrappers and just switch all callers to pass
the namespaces instead of creating boilerplate code. Same for the other
functions where you do this even even worse the method calls.
Christoph,
Thanks for the review!
Ok, so I'll switch:
- all helpers to take an additional argument
(capable_wrt_inode_uidgid()/inode_permission()/vfs_*() etc.)
- all inode method calls to take an additional argument (I assume that's
what you're referring to: ->create()/->mknod()/->mkdir() etc.)
I've always assumed that this is what we'd be doing in the end anyway
(I've mentioned it in the commit message for the inode_operations
method's. This will be a bit of work but we can get that done!)