On Tue, 3 Jul 2001, Greg KH wrote:

> add_vfsmnt() is only called when the root partition is being mounted
> during mount_init(). Because of this I think we can just drop the
> add_vfsmnt() security call.
>
> Anyone object to this?

That's a problem for SELinux. In 2.4.5, security_ops->add_vfsmnt was
called by the do_mount function just prior to calling add_vfsmnt. At
that point, the super_block is available, so SELinux could read the
persistent label mapping from the file system and perform some
permission checks based on the label of the file system and the label
of the root directory of that file system. We need some equivalent in
2.4.6. I guess we'll have to look into the right location to insert it
(and perhaps rename the hook to be more clear).

> And yes, the vfs went through some radical changes in 2.4.6-preX.
> That's why I pushed to do the merge sooner. The security hooks there
> need to be revisited by people who care about these things :)

It might be nice to explicitly mention when you drop a hook during a
merge so we can look into how to address it.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module