On Mon, 30 Sep 2002, Chris Wright wrote:

> static void detach_mnt(struct vfsmount *mnt, struct nameidata *old_nd)
> {
> + /* XXX dcache lock held */
> + security_ops->sb_umount_close(mnt);

At present, SELinux uses the sb_umount_close() hook to release the
persistent label mapping files on the filesystem prior to the busy
filesystem check during an umount. I don't think we want this hook called
in detach_mnt; it is analogous to the acct_auto_close() that occurs on the
umount code path for closing the accounting files.

> + /* XXX this should be obsolete now */
> security_ops->sb_post_pivotroot(&user_nd, &new_nd);

I think that we still need this hook to perform the initial policy load
from the real root filesystem after a pivot_root when an initrd is used. I
had thought that it might be obsoleted by the namespace initialization
changes in 2.4.19 and the relocation of sb_post_mountroot, but it still
seems to be necessary for certain initrd boots.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private
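Review bot: In the detach_mnt() hunk, security_ops->sb_umount_close(mnt) is called at a point the hunk's own comment marks as "dcache lock held", so every module's implementation of this hook would have to be non-blocking, and nothing in the hunk documents that constraint. A hook used to release files at umount, as the reply describes SELinux using it, fits better on the umount path before the busy filesystem check, next to where acct_auto_close() runs. If the call stays in detach_mnt(), replace the XXX with a comment stating the locking rule that hook implementations must follow.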
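Review bot: The comment added above security_ops->sb_post_pivotroot(&user_nd, &new_nd) says the call "should be obsolete now" without naming what replaces it or under which boot configurations that holds, while the call itself stays in place. Either drop the XXX or expand it to state what supersedes the hook and what has to be verified before the call can be removed; the reply reports that some initrd boots using pivot_root still depend on it for the initial policy load.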