LSM: Whiteout chardev creation sidesteps mknod hook
Miklos Szeredi
miklos at szeredi.hu
Tue Apr 14 14:07:46 UTC 2026
On Tue, 14 Apr 2026 at 15:42, Mickaël Salaün <mic at digikod.net> wrote:

> BTW, I don't understand why only the renameat2(2) syscall can
> (indirectly) create this file type; why not also unlink(2) or rmdir(2)?

The reason is that the same effect is possible by first creating the
whiteout in the work directory with mknod, then renaming it over the
target. Since the work directory is needed anyway, this spares
filesystems from having to implement yet another overlayfs-specific
operation.

Thanks,
Miklos
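
The mknod-then-rename sequence described in the reply, as an added userspace example that is not part of the original message or of overlayfs: it shows the two syscalls (mknod(2), then rename(2)) that a policy watching the mknod hook would observe on this path. The function names, the "wh.tmp" name and the /tmp scratch layout are assumptions made for illustration; whether the mknod is permitted depends on the kernel, filesystem and sandbox, and the code returns -1 where it is refused.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <unistd.h>

/* An overlayfs whiteout is a character device with device number 0/0. */
int is_whiteout(const struct stat *st)
{
    return S_ISCHR(st->st_mode) && major(st->st_rdev) == 0 && minor(st->st_rdev) == 0;
}

/* mknod the whiteout under workdir, then rename it over target.
 * Returns 1 if target is now a whiteout, 0 if it is not, and -1 if a
 * step failed, e.g. when the filesystem or sandbox refuses the mknod. */
int whiteout_via_workdir(const char *workdir, const char *target)
{
    char tmp[PATH_MAX];
    struct stat st;
    if (snprintf(tmp, sizeof(tmp), "%s/wh.tmp", workdir) >= (int)sizeof(tmp))
        return -1;
    if (mknod(tmp, S_IFCHR, makedev(0, 0)) != 0)  /* step 1: goes through mknod(2) */
        return -1;
    if (rename(tmp, target) != 0) {               /* step 2: plain rename(2) */
        unlink(tmp);
        return -1;
    }
    return lstat(target, &st) == 0 ? is_whiteout(&st) : -1;
}

/* Constructed scratch layout: <tmpdir>/work and <tmpdir>/victim. */
int demo(void)
{
    char base[] = "/tmp/wh-demo-XXXXXX", work[PATH_MAX], victim[PATH_MAX];
    FILE *f;
    if (!mkdtemp(base)) return -1;
    snprintf(work, sizeof(work), "%s/work", base);
    snprintf(victim, sizeof(victim), "%s/victim", base);
    if (mkdir(work, 0700) != 0 || !(f = fopen(victim, "w"))) return -1;
    fclose(f);
    int r = whiteout_via_workdir(work, victim);
    unlink(victim); rmdir(work); rmdir(base);     /* clean up the scratch tree */
    return r;
}

int main(void)
{
    printf("whiteout_via_workdir: %d\n", demo());
    return 0;
}
```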