Re: graft_tree/attach_mnt rfc

From: Serge E. Hallyn (hallynat_private)
Date: Tue Oct 01 2002 - 02:54:26 PDT

  • Next message: Demetrios Lambrou: "Last question on rm -f unused_hooks*"

    > > Unless someone else needs to mediate?
    > 
    > It looks like you are proposing that it should no longer be possible
    > to veto a loopback mount with an LSM security hook, and that
    > only controls for do_kern_mount() should remain.
    
    Frankly, I'm hoping that someone, like you, will say you need the
    mediation :)
    
    > but we need to be able to veto a loopback mount too (mediate),
    > so I'd be against that.
    
    Thank you.
    
    > BTW, in Serge and Chris's patches moving the sb_post_addmount hook
    > from the end of graft_tree() into attach_mount() means that it
    > would be called with the dcache_lock held - whereas before
    
    Yup.
    
    > it wasn't. It also means that sb_post_addmount() might be called
    > multiple times on one mount (via copy_tree()).
    
    Yup.
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue Oct 01 2002 - 02:55:19 PDT