checking superblock

• Previous message: richard offer: "Re: Updated auth patch for 2.4.12 - kernel/module.c"
• Next in thread: Stephen Smalley: "Re: checking superblock"
• Reply: Stephen Smalley: "Re: checking superblock"
• Reply: Greg KH: "Re: checking superblock"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

As the lsm code stands, we cannot use (as far as I can tell) the
device major and minor numbers to decide whether to permit/deny
mounting.  At the sb_ops->mount() check, we only have the device
name, which may be misleading.  How would people feel about adding
a hook in fs/namespace.c:657:

if (security_ops->sb_ops->check_sb(mnt->mnt_sb, nd))
	goto unlock;

?

I ask before submitting a patch because I get the feeling people
see lsm as being pretty set in stone...

-serge

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Stephen Smalley: "Re: checking superblock"
• Previous message: richard offer: "Re: Updated auth patch for 2.4.12 - kernel/module.c"
• Next in thread: Stephen Smalley: "Re: checking superblock"
• Reply: Stephen Smalley: "Re: checking superblock"
• Reply: Greg KH: "Re: checking superblock"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Oct 19 2001 - 12:05:24 PDT