Quoting Tetsuo Handa (penguin-kernel@xxxxxxxxxxxxxxxxxxx): > Hello. > > Serge E. Hallyn wrote: > > But your requirements are to ensure that an application accessing a > > device at a well-known location get what it expect. > > Yes. That's the purpose of this filesystem. > > > > So then the main quesiton is still the one I think Al had asked - what > > keeps a rogue CAP_SYS_MOUNT process from doing > > mount --bind /dev/hda1 /dev/null ? > > Excuse me, but I guess you meant "mount --bind /dev/ /root/" or something > because mount operation requires directories. Nope, try touch /root/hda1 ls -l /root/hda1 mount --bind /dev/hda1 /root/hda1 ls -l /root/hda1 But I see tomoyo prevents that > MAC can prevent a rogue CAP_SYS_MOUNT process from doing > "mount --bind /dev/ /root/". > For example, regarding TOMOYO Linux, you need to give > "allow_mount /dev/ /root/ --bind 0" permission > to permit "mount --bind /dev/ /root/" request. Ok, that answers my question. Thanks. (I won't go into "who gets to say allow_mount" :) > Did you mean "ln -s /dev/hda1 /dev/null" or "ln /dev/hda1 /dev/null"? > No problem. MAC can prevent such requests too. Then it sounds like this filesystem is something Tomoyo can use. thanks, -serge - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html