On 7/10/2018 4:19 PM, David Howells wrote: > Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > >>> Implement filesystem context security hooks for the smack LSM. >>> >>> Question: Should the ->fs_context_parse_source() hook be implemented to >>> check the labels on any source devices specified? >> Checking the label on a block device when doing a mount >> is just going to end in tears. If you're remounting from >> an already mounted filesystem it might make sense to check >> that the new mount doesn't provide greater access than the >> existing mount. If the original mount has smackfsdefault="_" >> I could see prohibiting the additional mount having >> smackfsdefault="*" on a filesystem that doesn't support >> xattrs. But that requires that a (hopefully) privileged >> process be involved, and we expect them to have a clue. >> So no, I don't see it necessary. > I think I may have meant the device file rather than the actual device > content. You may have! I see no reason to look at the label on /dev/sdb1 when mounting it. There's already sufficient privilege required to protect that in my mind. > > David > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html >
