On Mon, Aug 1, 2022 at 7:00 PM Alexei Starovoitov alexei.starovoitov@gmail.com wrote:
On Mon, Aug 01, 2022 at 01:01:44PM -0500, Frederick Lawler wrote:
Users may want to audit calls to security_create_user_ns() and access user space memory. Also create_user_ns() runs without pagefault_disabled(). Therefore, make bpf_lsm_userns_create() sleepable for mandatory access control policies.
Signed-off-by: Frederick Lawler fred@cloudflare.com Acked-by: Christian Brauner (Microsoft) brauner@kernel.org
We can take this set through bpf-next tree if it's easier.
Thanks Alexei, but I'm currently planning to merge it into the LSM next branch once the merge window closes.
Or if it goes through other trees: Acked-by: Alexei Starovoitov ast@kernel.org
I appreciate the review/ACK, would you mind reviewing the tests too (patch 3/4)?