> > Unless someone else needs to mediate? > > It looks like you are proposing that it should no longer be possible > to veto a loopback mount with an LSM security hook, and that > only controls for do_kern_mount() should remain. Frankly, I'm hoping that someone, like you, will say you need the mediation :) > but we need to be able to veto a loopback mount too (mediate), > so I'd be against that. Thank you. > BTW, in Serge and Chris's patches moving the sb_post_addmount hook > from the end of graft_tree() into attach_mount() means that it > would be called with the dcache_lock held - whereas before Yup. > it wasn't. It also means that sb_post_addmount() might be called > multiple times on one mount (via copy_tree()). Yup. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Oct 01 2002 - 02:55:19 PDT