On Wed, Sep 18, 2002 at 11:00:50AM -0400, Stephen Smalley wrote: > > The attached patches add an inode_init hook to permit initialization of > the inode security information for pipe, shmem, and devpts inodes at a > point where sufficient information is available to perform such > initialization. This hook reduces the dependency on inode_precondition > to catch uninitialized security information for such inodes. Comments? Does this mean that hooks like these are going to have to be added to every filesystem that does their own inode initialization, like devpts? Now that some developers {cough, cough} understand the vfs better, some of the in-kernel filesystems are starting to go around the vfs to solve real problems. Will they also need to be modified like this? (as an example, look at how usbfs and driverfs have changed over the past few months...) Hm, in looking at this further, why doesn't the hook in alloc_inode() catch these instances? It is called right before you are wanting inode_init() to be called. thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Sep 18 2002 - 22:44:35 PDT