Seems to me if we're going to have an alloc_security hook anywhere, it should catch all cases. Of course, we could just get rid of the hook, which would have the advantages of less intrusiveness, and, as we're noticing right now, less maintenance effort. But aesthetically, I certainly prefer having the hooks in. But why do I get the feeling Al Viro is going to make the next few weeks hell for us :-) -serge > > same patch for lsm-2.4. currently lsm-2.4 appears to miss the mount cases for > > get_sb_bdev() (normal block device) and get_sb_single() (single sb, like > > /proc, devfs, etc), since they have moved to calling fs_type->read_super() > > directly. > > > > comments? > > Looks fine. SELinux just allocates the security blob on the first > attempted use anyway (via its precondition functions) if it wasn't caught > by an alloc_security hook. > > -- > Stephen D. Smalley, NAI Labs > ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 12:15:29 PST