Terribly sorry, apparently I was too early. I intend to use the post_graft call to initialize the security label on the root inode of the device. I was thinking do_loopback was still used for loopback devices (silly me), which is why the post_graft is in there. But do_add_mount is actually used for loopback devices, and do_loopback is only used for bind mounts. This means the 'root' inode of the new mount is already assigned a security label, as I mentioned earlier. So as far as I'm concerned, we could remove the post_graft call from do_loopback, and rename the other to something else, perhaps simply add_mount or label_root_inode. But maybe someone else would want to use the post_graft calls, even for bind mounts, to do something with the new vfsmount. In this case, as David Wagner suggested, the post_graft should probably be moved to the end of the post_graft call. If noone speaks up saying they want this, then I'll ask Greg or Chris or whoever to get rid of the call in do_loopback. thanks, -serge > On Mon, Jul 09, 2001 at 03:34:46PM -0400, Serge E. Hallyn wrote: > > Here is the patch which introduces 3 new hooks to replace > > attach_pathlabel. I've tested it with a dummy lsm-based dte > > system with very simple static policy. > > Looks good. Thanks for the post_rootmount hook. > Applied. > > greg k-h > > _______________________________________________ > linux-security-module mailing list > linux-security-moduleat_private > http://mail.wirex.com/mailman/listinfo/linux-security-module _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Jul 10 2001 - 10:08:27 PDT