Re: graft_tree/attach_mnt rfc

From: Stephen Smalley (sdsat_private)
Date: Mon Sep 30 2002 - 05:35:48 PDT


    On Mon, 30 Sep 2002, Chris Wright wrote:
    
    >  static void detach_mnt(struct vfsmount *mnt, struct nameidata *old_nd)
    >  {
    > +	/* XXX dcache lock held */
    > +	security_ops->sb_umount_close(mnt);
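    
    Review bot: The hook call added at the top of detach_mnt runs under the lock that the added comment itself flags ("XXX dcache lock held"), so every sb_umount_close() implementation would have to be non-blocking at this call site, and the patch does not document that constraint. Either move the call to a point where the lock is not held, or state the no-sleep requirement where the hook is documented and resolve the XXX marker before merging.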
    
    At present, SELinux uses the sb_umount_close() hook to release the
    persistent label mapping files on the filesystem prior to the busy
    filesystem check during an umount.  I don't think we want this hook called
    in detach_mnt; it is analogous to the acct_auto_close() that occurs on the
    umount code path for closing the accounting files.
    
    > +	/* XXX this should be obsolete now */
    >  	security_ops->sb_post_pivotroot(&user_nd, &new_nd);
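    
    Review bot: The comment added above the sb_post_pivotroot() call says the hook "should be obsolete now" but gives no reason, and the call itself is left in place. State which change is expected to make the hook unnecessary so that module maintainers can verify it, or remove the call in the same patch if it is really dead; an unexplained XXX marker leaves the intent of this line ambiguous.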
    
    I think that we still need this hook to perform the initial policy load
    from the real root filesystem after a pivot_root when an initrd is used.
    I had thought that it might be obsoleted by the namespace initialization
    changes in 2.4.19 and the relocation of sb_post_mountroot, but it still
    seems to be necessary for certain initrd boots.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 05:37:20 PDT