Re: [RFC][PATCH] super block [alloc|free]_security

From: Serge E. Hallyn (hallynat_private)
Date: Tue Dec 18 2001 - 12:53:44 PST

  • Next message: Stephen Smalley: "Re: post_mountroot"

    This seems clean.  It's how DTE is working at the moment, with post_addmount
    being the main init workhorse.
    Quoting Stephen Smalley (sdsat_private):
    > On Mon, 17 Dec 2001, Greg KH wrote:
    > > Problem with your patch is that the super_block is empty of any
    > > information that the security module previously thought it had access
    > > to.  This change is fine with me, but people who have to maintain LSM
    > > modules might not like it :)
    > >
    > > Any other opinions?
    > I think that this is ok - the super_block alloc_security hook should just
    > allocate the security blob and not be dependent on having any specific
    > information about the super_block, like most of the other alloc_security
    > hooks.  The check_sb hook and post_addmount hooks can be used by the
    > security module to perform access control and update state based on more
    > information.
    > --
    > Stephen D. Smalley, NAI Labs
    > ssmalleyat_private
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Tue Dec 18 2001 - 12:54:20 PST