* Serge E. Hallyn (hallynat_private) wrote: > > > label. Is attaching a tree to the namespace something that needs to be > > > mediated, or simply recorded? > > > > > > > Anyone using a security policy that derives inode security > > information from the namespace needs to follow additions and removals > > in the namespace, not just references to superblocks. > > We do it that way for one. > > He's not asking whether we want record, but whether we are willing > *only* to record, and not mediate. Yeah, exactly. > If we only record, DTE can no longer say "this fs can't be mounted under > this pathname." But it does make for a far cleaner patch, and I can > still intercept the attach in order to pretend it was mounted elsewhere. I think this is still possible because the code paths look like: namespace_operation if(check_sb() is ok) attach_mnt() [post_addmount() as side effect] > So, given how much cleaner Chris' patch is, I'd say simply recording is > the better way to go. so could we get rid of the check_sb stage? btw, that patch is old and completely untested...just a conceptual thing ;-) zzZZ, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 02:26:14 PDT