On Tue, 2022-02-01 at 15:37 -0500, Stefan Berger wrote:Ah, left-over from previous version. Remove.
Define the ima_namespace structure and the ima_namespace variableImplement the basic functions - ima_ns_init() and ima_init_namespace()
init_ima_ns for the host's IMA namespace. Implement basic functions for
namespacing support.
- for namespacing support.
Move variables related to the IMA policy into the ima_namespace. This wayCurrently, ima_ns_from_file() doesn't exist in this patch.
the IMA policy of an IMA namespace can be set and displayed using a
front-end like securityfs.
Implement ima_ns_from_file() to get the IMA namespace via the user
namespace of the securityfs superblock that a file belongs to.
Done.
To get the current ima_namespace use &init_ima_ns when a functionIn preparation for IMA namespacing, update the existing functions to
that is related to a policy rule is called.
pass the ima_namespace struct. For now, ...
After addressing the one inline comment,
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
Acked-by: Christian Brauner <brauner@xxxxxxxxxx>
Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>