[PATCH v4 1/7] lsm: Add granular mount hooks to replace security_sb_mount
Song Liu
song at kernel.org
Wed May 27 21:08:56 UTC 2026
On Wed, May 27, 2026 at 5:17 AM Christian Brauner <brauner at kernel.org> wrote:
[...]
> > 1/7 adds new hooks:
> > lsm: Add granular mount hooks to replace security_sb_mount
> > 2/7 through 6/7 migrate LSMs from old hooks to new hooks:
> > apparmor: Remove redundant MS_MGC_MSK stripping in apparmor_sb_mount
> > apparmor: Convert from sb_mount to granular mount hooks
> > selinux: Convert from sb_mount to granular mount hooks
> > landlock: Convert from sb_mount to granular mount hooks
> > tomoyo: Convert from sb_mount to granular mount hooks
> > 7/7 removes old hooks:
> > lsm: Remove security_sb_mount and security_move_mount
> >
> > Some ideas to change this:
>
> My thought had been:
>
> * Add the new hooks to security/.
> * add the individual lsm implementations.
> * Now replace the old hooks with the new hooks in fs/namespace.c
> * Delete the old hooks in security/
>
> IOW, why the migration step? It is a full replacement anyway.

I think having a migration like this doesn't really make
review more difficult. But I am OK refactoring the patches
as requested.

Paul, do you have a strong preference either way?

Thanks,
Song