On Tue, 18 Mar 2008, Miklos Szeredi wrote: > > We might need a user_mount hook which is called once the core kernel code > > determines that it is a a valid unprivileged mount (although the sb_mount > > hook will already have been called, IIUC). > > Does the order matter between core code's and the security module's > permission checks? Yes, the model is DAC before MAC. > If it does, the cleanest would be to just move the > core checks before the sb_mount hook, no? Correct. -- James Morris <jmorris@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
