[PATCH 6/7] tomoyo: Convert from sb_mount to granular mount hooks
Song Liu
song at kernel.org
Tue Mar 24 07:46:16 UTC 2026
On Mon, Mar 23, 2026 at 11:12 PM Tetsuo Handa
<penguin-kernel at i-love.sakura.ne.jp> wrote:
>
> On 2026/03/24 4:31, Song Liu wrote:
> >> Then, how can LSM modules know how the requested filesystem resolves
> >> the dev_name argument, without embedding filesystem-specific resolution
> >> logic into individual LSM modules?
> >
> > IIUC, if an LSM cares about the dev_name of a new mount, it will have to look
> > into each individual filesystem. We can add an LSM hook for the filesystems to
> > call. But this will require changes to individual filesystem code. OTOH,
> > dev_name can probably bridge the gap as we change filesystems.
> >
> > Would this work?
>
> I guess something like the untested diff shown below would work.

I think this doesn't work with erofs on file (requires
CONFIG_EROFS_FS_BACKED_BY_FILE). erofs may not be the
only one that has this problem.

Thanks,
Song

>
> block/bdev.c | 26 ++++++++++++++------------
> fs/fs_context.c | 4 ++++
> fs/namespace.c | 10 ++++++----
> fs/super.c | 2 +-
> include/linux/blkdev.h | 12 +++++++++++-
> include/linux/fs_context.h | 1 +
> security/tomoyo/mount.c | 26 ++------------------------
> security/tomoyo/tomoyo.c | 2 +-
> 8 files changed, 40 insertions(+), 43 deletions(-)