[PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
anna.schumaker at netapp.com
Fri Mar 12 15:45:42 UTC 2021
On Thu, Mar 4, 2021 at 8:34 PM Paul Moore <paul at paul-moore.com> wrote:
> On Tue, Mar 2, 2021 at 10:53 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> > On 3/2/2021 10:20 AM, Anna Schumaker wrote:
> > > Hi Casey,
> > >
> > > On Fri, Feb 26, 2021 at 10:40 PM Olga Kornievskaia
> > > <olga.kornievskaia at gmail.com> wrote:
> > >> From: Olga Kornievskaia <kolga at netapp.com>
> > >>
> > >> Add a new hook that takes an existing super block and a new mount
> > >> with new options and determines if new options confict with an
> > >> existing mount or not.
> > >>
> > >> A filesystem can use this new hook to determine if it can share
> > >> the an existing superblock with a new superblock for the new mount.
> > >>
> > >> Signed-off-by: Olga Kornievskaia <kolga at netapp.com>
> > > Do you have any other thoughts on this patch? I'm also wondering how
> > > you want to handle sending it upstream.
> > James Morris is the maintainer for the security sub-system,
> > so you'll want to send this through him. He will want you to
> > have an ACK from Paul Moore, who is the SELinux maintainer.
> In the past I've pulled patches such as this (new LSM hook, with only
> a SELinux implementation of the new hook) in via the selinux/next tree
> after the other LSMs have ACK'd the new hook. This helps limit merge
> problems with other SELinux changes and allows us (the SELinux folks)
> to include it in the ongoing testing that we do during the -rcX
> So Anna, if you or anyone else on the NFS side of the house want to
> add your ACKs/REVIEWs/etc. please do so as I don't like merging
> patches that cross subsystem boundaries without having all the
> associated ACKs. Casey, James, and other LSM folks please do the
Acked-by: Anna Schumaker <Anna.Schumaker at Netapp.com>
Are you also going to take patch 3/3 that uses the new hook, or should
that go through the NFS tree? Patch 2/3 is a cleanup that can go
through the NFS tree.
> paul moore
More information about the Linux-security-module-archive