[LSF/MM/BPF TOPIC] Refactor LSM hooks for VFS mount operations

Song Liu song at kernel.org
Fri Jan 23 20:23:42 UTC 2026


Hi Casey,

On Thu, Jan 22, 2026 at 6:38 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
[...]
> > Could you please share more information about this issue?
>
> LSMs assume that any mount options passed to them are options
> they provide. If an option isn't recognized, it's an error. If
> two LSMs provide mount options the first will report an error for
> a mount option recognized by the second. Since hook processing
> uses a "bail on fail" model, the second LSM will never be called
> to process its options and the mount operation will fail.
>
> The option processing needs to change to allow option processing
> in an LSM to differentiate between a failure in processing its
> options from finding an unrecognized option. The infrastructure
> needs to be changed to allow for multiple LSMs to look at the
> options and only fail if none of them handle the options.

Thanks for the explanation!

This issue is indeed tricky. Since we are talking about major
refactoring of LSM hooks around mount operations, it is good
timing to also solve this issue. I will look more into this.

Song
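
The dispatch problem described in the quoted text, as an added userspace model (not code from this thread or from the kernel): two LSMs that each reject foreign options under "bail on fail", beside a walk that lets every LSM look and fails only if none claims the option. All function names, the `a_label=`/`b_label=` options and the `OPT_NOT_MINE` return code are assumptions made for illustration.

```c
/* Userspace model only; every name here is hypothetical, not a kernel API. */
#include <errno.h>
#include <string.h>

#define OPT_NOT_MINE 1  /* assumed return code: option belongs to someone else */

typedef int (*opt_hook)(const char *opt);

/* Parse "key=value"; unknown_rc is what this LSM returns for a foreign key. */
static int parse(const char *opt, const char *key, int unknown_rc)
{
    size_t n = strlen(key);
    if (strncmp(opt, key, n) != 0)
        return unknown_rc;
    return opt[n] ? 0 : -EINVAL;   /* own key with empty value: real failure */
}

/* Behaviour described in the thread: an unrecognized option is an error. */
static int a_strict(const char *o) { return parse(o, "a_label=", -EINVAL); }
static int b_strict(const char *o) { return parse(o, "b_label=", -EINVAL); }
/* Requested change: "not mine" is distinguishable from "mine but invalid". */
static int a_aware(const char *o) { return parse(o, "a_label=", OPT_NOT_MINE); }
static int b_aware(const char *o) { return parse(o, "b_label=", OPT_NOT_MINE); }

/* "Bail on fail": the first non-zero return ends the walk. */
int mount_opt_bail_on_fail(const char *opt)
{
    opt_hook hooks[] = { a_strict, b_strict };
    for (size_t i = 0; i < 2; i++) {
        int rc = hooks[i](opt);
        if (rc)
            return rc;
    }
    return 0;
}

/* Every LSM sees the option; fail on a real error or if nobody claims it. */
int mount_opt_any_handler(const char *opt)
{
    opt_hook hooks[] = { a_aware, b_aware };
    int claimed = 0;
    for (size_t i = 0; i < 2; i++) {
        int rc = hooks[i](opt);
        if (rc < 0)
            return rc;
        claimed |= (rc == 0);
    }
    return claimed ? 0 : -EINVAL;
}
```

In this model the strict pair rejects every option, including valid ones, because whichever LSM does not own the option returns an error first or last; the second walk still rejects a malformed value and an option no LSM claims.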


