Revert "ima: Introduce ima namespace" (c360ef15) · Commits · EulixOS / Software / Kernel

fs/proc/namespaces.c

+0 −4

Original line number	Diff line number	Diff line
		@@ -37,10 +37,6 @@ static const struct proc_ns_operations *ns_entries[] = {
		&timens_operations,
		&timens_for_children_operations,
		#endif
		#ifdef CONFIG_IMA_NS
		&imans_operations,
		&imans_for_children_operations,
		#endif
		};

		static const char proc_ns_get_link(struct dentry dentry,

+0 −57

Original line number	Diff line number	Diff line
		@@ -13,9 +13,6 @@
		#include <linux/kexec.h>
		struct linux_binprm;

		struct nsproxy;
		struct task_struct;

		#ifdef CONFIG_IMA
		extern int ima_bprm_check(struct linux_binprm *bprm);
		extern int ima_file_check(struct file *file, int mask);
		@@ -200,58 +197,4 @@ static inline bool ima_appraise_signature(enum kernel_read_file_id func)
		return false;
		}
		#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */

		struct ima_namespace {
		struct kref kref;
		struct ns_common ns;
		struct ucounts *ucounts;
		struct user_namespace *user_ns;
		} __randomize_layout;

		extern struct ima_namespace init_ima_ns;

		#ifdef CONFIG_IMA_NS
		struct ima_namespace *copy_ima_ns(unsigned long flags,
		struct user_namespace *user_ns,
		struct ima_namespace *old_ns);

		void free_ima_ns(struct kref *kref);

		int imans_on_fork(struct nsproxy nsproxy, struct task_struct tsk);

		static inline struct ima_namespace get_ima_ns(struct ima_namespace ns)
		{
		if (ns)
		kref_get(&ns->kref);
		return ns;
		}
		static inline void put_ima_ns(struct ima_namespace *ns)
		{
		if (ns)
		kref_put(&ns->kref, free_ima_ns);
		}

		#else
		static inline struct ima_namespace *copy_ima_ns(unsigned long flags,
		struct user_namespace *user_ns,
		struct ima_namespace *old_ns)
		{
		return old_ns;
		}

		static inline int imans_on_fork(struct nsproxy *nsproxy,
		struct task_struct *tsk)
		{
		return 0;
		}

		static inline struct ima_namespace get_ima_ns(struct ima_namespace ns)
		{
		return ns;
		}

		static inline void put_ima_ns(struct ima_namespace *ns)
		{
		}
		#endif /* CONFIG_IMA_NS */
		#endif /* _LINUX_IMA_H */

+0 −3

Original line number	Diff line number	Diff line
		@@ -10,7 +10,6 @@ struct uts_namespace;
		struct ipc_namespace;
		struct pid_namespace;
		struct cgroup_namespace;
		struct ima_namespace;
		struct fs_struct;

		/*
		@@ -39,8 +38,6 @@ struct nsproxy {
		struct time_namespace *time_ns;
		struct time_namespace *time_ns_for_children;
		struct cgroup_namespace *cgroup_ns;
		struct ima_namespace *ima_ns;
		struct ima_namespace *ima_ns_for_children;
		};
		extern struct nsproxy init_nsproxy;

+1 −4

Original line number	Diff line number	Diff line
		@@ -16,7 +16,7 @@ struct inode;
		struct proc_ns_operations {
		const char *name;
		const char *real_ns_name;
		uint64_t type;
		int type;
		struct ns_common (get)(struct task_struct *task);
		void (put)(struct ns_common ns);
		int (install)(struct nsset nsset, struct ns_common *ns);
		@@ -34,8 +34,6 @@ extern const struct proc_ns_operations mntns_operations;
		extern const struct proc_ns_operations cgroupns_operations;
		extern const struct proc_ns_operations timens_operations;
		extern const struct proc_ns_operations timens_for_children_operations;
		extern const struct proc_ns_operations imans_operations;
		extern const struct proc_ns_operations imans_for_children_operations;

		/*
		* We always define these enumerators
		@@ -48,7 +46,6 @@ enum {
		PROC_PID_INIT_INO = 0xEFFFFFFCU,
		PROC_CGROUP_INIT_INO = 0xEFFFFFFBU,
		PROC_TIME_INIT_INO = 0xEFFFFFFAU,
		PROC_IMA_INIT_INO = 0xEFFFFFF9U,
		};

		#ifdef CONFIG_PROC_FS

+0 −1