Re: [RFC][PATCH] super block [alloc|free]_security

From: Stephen Smalley (sdsat_private)
Date: Mon Dec 17 2001 - 11:21:58 PST

  • Next message: Stephen Smalley: "Re: [Linux-security-module-commit] lsm 2.5 tree change 1.2.1.19 1.2.1.20 1.2.1.21 1.2.1.22 1.2.1.23 1.2.1.24 1.2.1.25 1.2.1.26 1.2.1.27 1.2.1.28 1.2.1.29 1.2.1.30 1.294 1.295 1.296 1.297 1.298 1.299 1"

    On Mon, 17 Dec 2001, Greg KH wrote:
    
    > Problem with your patch is that the super_block is empty of any
    > information that the security module previously thought it had access
    > to.  This change is fine with me, but people who have to maintain LSM
    > modules might not like it :)
    >
    > Any other opinions?
    
    I think that this is ok - the super_block alloc_security hook should just
    allocate the security blob and not be dependent on having any specific
    information about the super_block, like most of the other alloc_security
    hooks.  The check_sb hook and post_addmount hooks can be used by the
    security module to perform access control and update state based on more
    information.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Dec 17 2001 - 11:23:19 PST