Re: [patch 00/11] mount ownership and unprivileged mount syscall(v9)

From: James Morris
Date: Wed Mar 19 2008 - 17:36:40 EST


On Tue, 18 Mar 2008, Miklos Szeredi wrote:

> > We might need a user_mount hook which is called once the core kernel code
> > determines that it is a valid unprivileged mount (although the sb_mount
> > hook will already have been called, IIUC).
>
> Does the order matter between core code's and the security module's
> permission checks?

Yes, the model is DAC before MAC.

> If it does, the cleanest would be to just move the
> core checks before the sb_mount hook, no?

Correct.

--
James Morris
<jmorris@xxxxxxxxx>