authorJiao Zhou <jiaozhou@google.com>2023-10-20 01:46:39 +0300
committerArd Biesheuvel <ardb@kernel.org>2023-10-20 01:47:18 +0300
commit5329aa5101f73c451bcd48deaf3f296685849d9c (patch)
treeec9c0fe5ebf3675c6385db7a49994affc2ede172 /fs/efivarfs/inode.c
parent0bb80ecc33a8fb5a682236443c1e740d5c917d1d (diff)
efivarfs: Add uid/gid mount options
Allow UEFI variables to be modified by non-root processes in order to run sandboxed code. This doesn't change the behavior of mounting efivarfs unless uid/gid are specified; by default both are set to root. Signed-off-by: Jiao Zhou <jiaozhou@google.com> Acked-by: Matthew Garrett <mgarrett@aurora.tech> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Diffstat (limited to 'fs/efivarfs/inode.c')
-rw-r--r--fs/efivarfs/inode.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/efivarfs/inode.c b/fs/efivarfs/inode.c
index db9231f0e77b..92e5e060e0ee 100644
--- a/fs/efivarfs/inode.c
+++ b/fs/efivarfs/inode.c
@@ -21,8 +21,12 @@ struct inode *efivarfs_get_inode(struct super_block *sb,
dev_t dev, bool is_removable)
{
struct inode *inode = new_inode(sb);
+ struct efivarfs_fs_info *fsi = sb->s_fs_info;
+ struct efivarfs_mount_opts *opts = &fsi->mount_opts;
if (inode) {
+ inode->i_uid = opts->uid;
+ inode->i_gid = opts->gid;
inode->i_ino = get_next_ino();
inode->i_mode = mode;
inode->i_atime = inode->i_mtime = inode_set_ctime_current(inode);
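Review bot: The added `inode->i_uid = opts->uid;` and `inode->i_gid = opts->gid;` run for every inode this function creates, so the mount-time owner applies to all variable files rather than a chosen subset, and nothing at this site says so. I would add a comment above the two assignments, for example `/* Owner comes from the uid=/gid= mount options (root by default); what that owner may change is bounded only by i_mode and the immutable flag. */`, so the trust decision is visible where it takes effect. Separately, `fsi` is dereferenced unconditionally in the new declarations, so this relies on `sb->s_fs_info` being set before the first call; that setup and the parsing and validation of the uid/gid values are in files this page does not show, so both are worth confirming there. The function body continues past the end of the hunk.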