* Greg KH (gregat_private) wrote: > On Tue, Jul 03, 2001 at 05:00:32PM -0400, Stephen Smalley wrote: > > > That's a problem for SELinux. In 2.4.5, security_ops->add_vfsmnt was > > called by the do_mount function just prior to calling add_vfsmnt. At > > that point, the super_block is available, so SELinux could read the > > persistent label mapping from the file system and perform some > > permission checks based on the label of the file system and the > > label of the root directory of that file system. We need some > > equivalent in 2.4.6. I guess we'll have to look into the right > > location to insert it (and perhaps rename the hook to be more > > clear). > > Ok, I'll drop the current stub and let me know if you find a place that > you can hook into with the correct info. You also might want to verify > all of your vfs hooks, as things have moved around. > > > It might be nice to explicitly mention when you drop a hook during > > a merge so we can look into how to address it. > > Blame Chris for this one :) yes, this is my fault. i meant to send out an email that specifically addressed the changes in the superblock code. they were fairly significant (in the vfs). the kernel code is definitely cleaner now, and some of our code may need some general changes to mirror the kernel changes. in particular, i'd like to review at all the mount/umount hooks and see if we can't push them into the superblock security operations. it would be nice to figure out how to better leverage the existing kernel abstraction. -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 08:47:21 PDT