Re: checking superblock

From: Greg KH (gregat_private)
Date: Fri Oct 19 2001 - 13:44:17 PDT

  • Next message: richard offer: "Authoritative hooks incorporating Chris's review comments"

    On Fri, Oct 19, 2001 at 03:03:52PM -0400, Serge E. Hallyn wrote:
    > As the lsm code stands, we cannot use (as far as I can tell) the
    > device major and minor numbers to decide whether to permit/deny
    > mounting.  At the sb_ops->mount() check, we only have the device
    > name, which may be misleading.  How would people feel about adding
    > a hook in fs/namespace.c:657:
    > 
    > if (security_ops->sb_ops->check_sb(mnt->mnt_sb, nd))
    > 	goto unlock;
    > 
    
    Looks like a good place to put a hook (with Stephan's suggestion.)
    
    > I ask before submitting a patch because I get the feeling people
    > see lsm as being pretty set in stone...
    
    Not if people find places to put useful hooks like this one :)
    
    thanks,
    
    greg k-h
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Oct 19 2001 - 13:54:22 PDT