[PATCH v4 2/6] mounts: keep list of mounts in an rbtree

Ian Kent raven at themaw.net
Tue Oct 31 01:23:34 UTC 2023


On 30/10/23 17:06, Miklos Szeredi wrote:
> On Mon, Oct 30, 2023 at 6:45 AM Ian Kent <raven at themaw.net> wrote:
>
>> Is fs/namespace.c:iterate_mounts() a problem?
>>
>> It's called from:
>>
>> 1) ./kernel/audit_tree.c:709: if (iterate_mounts(compare_root,
>> 2) ./kernel/audit_tree.c:839:    err = iterate_mounts(tag_mount, tree, mnt);
>> 3) ./kernel/audit_tree.c:917:        failed = iterate_mounts(tag_mount, tree, tagged);
>>
>> From functions 1) audit_trim_trees(), 2) audit_add_tree_rule() and
>> 3) audit_tag_tree().
> So that interface works like this:
>
>   - collect_mounts() creates a temporary copy of a mount tree, mounts
> are chained on mnt_list.

Right, sorry for the noise, I didn't look far enough.


Ian

>
>   - iterate_mounts() is used to do some work on the temporary tree
>
>   - drop_collected_mounts() frees the temporary tree
>
> These mounts are never installed in a namespace.  My guess is that a
> private copy is used instead of the original mount tree to prevent
> races.
>
> Thanks,
> Miklos
>


