On Thu, Sep 06, 2001 at 12:37:42PM -0700, Chris Wright wrote: > * Greg KH (gregat_private) wrote: > > On Thu, Sep 06, 2001 at 11:07:45AM -0700, Chris Wright wrote: > > > > > > p.s. in fact i see no good reason not to move the lsm umount hook to > > > sys_umount. that way it is not within the BKL. any objections? > > > > You need it there for the change_root call. > > are you sure? before lsm, there was no security check in the > change_root/do_umount code path. isn't that just used when switching > from your initrd to the real root device during bootup? this is > getting close to a secure boot sequence ;-) There didn't need to be any check, as it is an __init call, and /sbin/init isn't even started yet when it is called. So any SYS_ADMIN check at that time would have been redundant. I'd leave it there, as the initrd boot sequence is going to be a big part of the 2.5 changes, and lots of things will be happening at that time. thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 13:43:28 PDT