[PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount

Paul Moore paul at paul-moore.com
Fri Mar 5 01:32:02 UTC 2021

On Tue, Mar 2, 2021 at 10:53 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> On 3/2/2021 10:20 AM, Anna Schumaker wrote:
> > Hi Casey,
> >
> > On Fri, Feb 26, 2021 at 10:40 PM Olga Kornievskaia
> > <olga.kornievskaia at gmail.com> wrote:
> >> From: Olga Kornievskaia <kolga at netapp.com>
> >>
> >> Add a new hook that takes an existing super block and a new mount
> >> with new options and determines if new options confict with an
> >> existing mount or not.
> >>
> >> A filesystem can use this new hook to determine if it can share
> >> the an existing superblock with a new superblock for the new mount.
> >>
> >> Signed-off-by: Olga Kornievskaia <kolga at netapp.com>
> > Do you have any other thoughts on this patch? I'm also wondering how
> > you want to handle sending it upstream.
> James Morris is the maintainer for the security sub-system,
> so you'll want to send this through him. He will want you to
> have an ACK from Paul Moore, who is the SELinux maintainer.

In the past I've pulled patches such as this (new LSM hook, with only
a SELinux implementation of the new hook) in via the selinux/next tree
after the other LSMs have ACK'd the new hook.  This helps limit merge
problems with other SELinux changes and allows us (the SELinux folks)
to include it in the ongoing testing that we do during the -rcX

So Anna, if you or anyone else on the NFS side of the house want to
add your ACKs/REVIEWs/etc. please do so as I don't like merging
patches that cross subsystem boundaries without having all the
associated ACKs.  Casey, James, and other LSM folks please do the

paul moore

More information about the Linux-security-module-archive mailing list