Re: [RFC][PATCH] super block [alloc|free]_security

From: Serge E. Hallyn (hallynat_private)
Date: Wed Dec 19 2001 - 12:14:14 PST

  • Next message: Serge E. Hallyn: "Re: 2.5 and mount MS_MOVE"

    Seems to me if we're going to have an alloc_security hook anywhere, it
    should catch all cases.  Of course, we could just get rid of the hook,
    which would have the advantages of less intrusiveness, and, as we're
    noticing right now, less maintenance effort.  But aesthetically, I
    certainly prefer having the hooks in.
    But why do I get the feeling Al Viro is going to make the next few weeks
    hell for us :-)
    > > same patch for lsm-2.4.  currently lsm-2.4 appears to miss the mount cases for
    > > get_sb_bdev() (normal block device) and get_sb_single() (single sb, like
    > > /proc, devfs, etc), since they have moved to calling fs_type->read_super()
    > > directly.
    > >
    > > comments?
    > Looks fine.  SELinux just allocates the security blob on the first
    > attempted use anyway (via its precondition functions) if it wasn't caught
    > by an alloc_security hook.
    > --
    > Stephen D. Smalley, NAI Labs
    > ssmalleyat_private
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 12:15:29 PST