On Wed, 29 Aug 2001, Lachlan McIlroy wrote: > I've incorporated Stephen's suggestions but the superblock > (sb) is not available until after the quotactl hook so I > added it to the quota_on hook instead. Why can't you move the quotactl hook after the sb is acquired (See the attached patch, relative to yours)? If you only provide it in the quota_on hook, we can't perform access control based on the file system for any of the other quotactl commands. Thanks. -- Stephen D. Smalley, NAI Labs ssmalleyat_private --- fs/dquot.c.old Wed Aug 29 08:36:51 2001 +++ fs/dquot.c Wed Aug 29 08:37:21 2001 @@ -1541,10 +1541,6 @@ goto out; } - ret = security_ops->quotactl (cmds, type, id); - if (ret) - goto out; - ret = -EINVAL; dev = NODEV; if (special != NULL || (cmds != Q_SYNC && cmds != Q_GETSTATS)) { @@ -1564,6 +1560,10 @@ goto out; sb = get_super(dev); } + + ret = security_ops->quotactl (cmds, type, id); + if (ret) + goto out; ret = -EINVAL; switch (cmds) { _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 05:41:48 PDT