erofs: impersonate the opener's credentials when accessing backing file - wireguard-linux

diff options

author	Tatsuyuki Ishi <ishitatsuyuki@google.com>	2025-06-12 19:18:25 +0900
committer	Gao Xiang <hsiangkao@linux.alibaba.com>	2025-06-18 13:40:48 +0800
commit	905eeb2b7c33adda23a966aeb811ab4cb9e62031 (patch)
tree	fd8bc4ad96d71f3e9f9c06a766b7c84f09255fa4 /tools/perf/scripts/python/export-to-postgresql.py
parent	Linux 6.16-rc1 (diff)
download	wireguard-linux-905eeb2b7c33adda23a966aeb811ab4cb9e62031.tar.xz wireguard-linux-905eeb2b7c33adda23a966aeb811ab4cb9e62031.zip

erofs: impersonate the opener's credentials when accessing backing file

Previously, file operations on a file-backed mount used the current process' credentials to access the backing FD. Attempting to do so on Android lead to SELinux denials, as ACL rules on the backing file (e.g. /system/apex/foo.apex) is restricted to a small set of process. Arguably, this error is redundant and leaking implementation details, as access to files on a mount is already ACL'ed by path. Instead, override to use the opener's cred when accessing the backing file. This makes the behavior similar to a loop-backed mount, which uses kworker cred when accessing the backing file and does not cause SELinux denials. Signed-off-by: Tatsuyuki Ishi <ishitatsuyuki@google.com> Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com> Reviewed-by: Hongbo Li <lihongbo22@huawei.com> Link: https://lore.kernel.org/r/20250612-b4-erofs-impersonate-v1-1-8ea7d6f65171@google.com Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>

Diffstat (limited to 'tools/perf/scripts/python/export-to-postgresql.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: