Commit 9cf5b2e8 authored by Krzysztof Struczynski's avatar Krzysztof Struczynski Committed by Zheng Zengkai
Browse files

ima: Bind ima namespace to the file descriptor 

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I49KW1


CVE: NA

--------------------------------

IMA namespace reference will be required in ima_file_free() to check
the policy and find inode integrity data for the correct ima namespace.
ima_file_free() is called on __fput(), and __fput() may be called after
releasing namespaces in exit_task_namespaces() in do_exit() and
therefore nsproxy reference cannot be used - it is already set to NULL.

This is a preparation for namespacing policy and inode integrity data.

Signed-off-by: default avatarKrzysztof Struczynski <krzysztof.struczynski@huawei.com>
Reviewed-by: default avatarZhang Tianxing <zhangtianxing3@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent ee67fcbf
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment