would it be useful to add a new hook for this new mount option? the
superblock hasn't changed, but the mount point has.
see fs/namespace.c::do_move_mount(). a hook in attach_mnt() would get
this case as well as the pivot_root() case. however this would effect
graft_tree(), which we don't hook in to avoid the MS_BIND case (iirc).
moving the check_sb() and post_add_mount() hooks into graft_tree() ought
to do it. and check_sb() would have to notice if sb->s_security had
already been initialized.
comments/flames?
thanks,
-chris
===== namespace.c 1.11 vs edited =====
--- 1.11/fs/namespace.c Mon Dec 17 00:07:10 2001
+++ edited/namespace.c Tue Dec 18 21:45:57 2001
@@ -480,6 +480,10 @@
if (IS_DEADDIR(nd->dentry->d_inode))
goto out_unlock;
+ err = security_ops->sb_ops->check_sb(mnt, nd);
+ if (err)
+ goto out_unlock;
+
spin_lock(&dcache_lock);
if (IS_ROOT(nd->dentry) || !d_unhashed(nd->dentry)) {
struct list_head head;
@@ -492,6 +496,8 @@
spin_unlock(&dcache_lock);
out_unlock:
up(&nd->dentry->d_inode->i_zombie);
+ if (!err)
+ security_ops->sb_ops->post_addmount(mnt, nd);
return err;
}
@@ -651,12 +657,7 @@
goto unlock;
mnt->mnt_flags = mnt_flags;
- err = security_ops->sb_ops->check_sb(mnt, nd);
- if (err)
- goto unlock;
err = graft_tree(mnt, nd);
- if (!err)
- security_ops->sb_ops->post_addmount(mnt, nd);
unlock:
up(&mount_sem);
mntput(mnt);
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Dec 18 2001 - 21:48:20 PST