www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Vivek Goyal <vgoyal@redhat.com>
	Thu, 3 Aug 2017 01:10:07 +0000 (09:10 +0800)
committer	Anand Jain <anand.jain@oracle.com>
	Thu, 26 Oct 2017 08:15:29 +0000 (16:15 +0800)
commit	dd6ed20027b8e3c33bbc8206aea456f68c7fd58c
tree	20e08acc562cfa293204634fa008edc7e8b5ad15	tree
parent	9587b290aeb1397add1c19dcd428f95efd46281a	commit \| diff

security, overlayfs: provide copy up security hook for unioned files

Provide a security hook to label new file correctly when a file is copied
up from lower layer to upper layer of a overlay/union mount.

This hook can prepare a new set of creds which are suitable for new file
creation during copy up. Caller will use new creds to create file and then
revert back to old creds and release new creds.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: whitespace cleanup to appease checkpatch.pl]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Orabug: 25684456

(backport upstream commit d8ad8b49618410ddeafd78465b63a6cedd6c9484)

Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Conflict fix:
include/linux/security.h
security/security.c
security/capability.c

fs/overlayfs/copy_up.c		diff \| blob \| history
include/linux/security.h		diff \| blob \| history
security/capability.c		diff \| blob \| history
security/security.c		diff \| blob \| history