> -----Original Message----- > From: linux-security-module-adminat_private > [mailto:linux-security-module-adminat_private]On Behalf Of > Chris Wright > Sent: Friday, September 07, 2001 5:38 AM > To: linux-security-moduleat_private > Subject: Re: quotactl hook > > > * Greg KH (gregat_private) wrote: > > On Thu, Sep 06, 2001 at 11:07:45AM -0700, Chris Wright wrote: > > > > > > p.s. in fact i see no good reason not to move the lsm > umount hook to > > > sys_umount. that way it is not within the BKL. any objections? > > > > You need it there for the change_root call. > > are you sure? before lsm, there was no security check in the > change_root/do_umount code path. isn't that just used when switching > from your initrd to the real root device during bootup? this is > getting close to a secure boot sequence ;-) > > -chris The first instance of do_umount() in change_root() doesn't check the return code. If we add more reasons for do_umount() to fail then change_root() could fall flat on its face. > > _______________________________________________ > linux-security-module mailing list > linux-security-moduleat_private > http://mail.wirex.com/mailman/listinfo/linux-security-module > --- Lachlan McIlroy Phone: +61 3 9596 4155 Trusted Linux Fax: +61 3 9596 2960 Adacel Technologies Ltd www.adacel.com _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 18:36:32 PDT