On Mon, 30 Sep 2002, Chris Wright wrote:
> static void detach_mnt(struct vfsmount *mnt, struct nameidata *old_nd)
> {
> + /* XXX dcache lock held */
> + security_ops->sb_umount_close(mnt);
At present, SELinux uses the sb_umount_close() hook to release the
the persistent label mapping files on the filesystem prior to the busy
filesystem check during an umount. I don't think we want this hook called
in detach_mnt; it is analagous to the acct_auto_close() that occurs on the
umount code path for closing the accounting files.
> + /* XXX this should be obsolete now */
> security_ops->sb_post_pivotroot(&user_nd, &new_nd);
I think that we still need this hook to perform the initial policy load
from the real root filesystem after a pivot_root when an initrd is used.
I had thought that it might be obsoleted by the namespace initialization
changes in 2.4.19 and the relocation of sb_post_mountroot, but it still
seems to be necessary for certain initrd boots.
--
Stephen D. Smalley, NAI Labs
ssmalleyat_private
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 05:37:20 PDT