www.infradead.org Git - users/dwmw2/linux.git/commit

author	Linus Torvalds <torvalds@linux-foundation.org>
	Mon, 24 Mar 2025 17:37:40 +0000 (10:37 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Mon, 24 Mar 2025 17:37:40 +0000 (10:37 -0700)
commit	804382d59b81b331735d37a18149ea0d36d5936a
tree	8285c9847fa27f6ebaff7f89b64b98f4ed22c199	tree
parent	0ec0d4ecdd8bda4d55c5ba7b11b1595df36e3179	commit \| diff
parent	9c27e5cc39bb7848051c42500207aa3a7f63558c	commit \| diff

Merge tag 'vfs-6.15-rc1.overlayfs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

Pull vfs overlayfs updates from Christian Brauner:
"Currently overlayfs uses the mounter's credentials for its
  override_creds() calls. That provides a consistent permission model.

  This patches allows a caller to instruct overlayfs to use its
  credentials instead. The caller must be located in the same user
  namespace hierarchy as the user namespace the overlayfs instance will
  be mounted in. This provides a consistent and simple security model.

  With this it is possible to e.g., mount an overlayfs instance where
  the mounter must have CAP_SYS_ADMIN but the credentials used for
  override_creds() have dropped CAP_SYS_ADMIN. It also allows the usage
  of custom fs{g,u}id different from the callers and other tweaks"

* tag 'vfs-6.15-rc1.overlayfs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
  selftests/ovl: add third selftest for "override_creds"
  selftests/ovl: add second selftest for "override_creds"
  selftests/filesystems: add utils.{c,h}
  selftests/ovl: add first selftest for "override_creds"
  ovl: allow to specify override credentials