ebiederm@xxxxxxxxxxxx (Eric W. Biederman) writes: > I am going to stop there. I believe there are more issues in the code. > I am relieved that I am not seeing the loss of some of the security > hooks that I thought I saw last time I looked at the code. Bah. Now I see the missing security hook. There are a set of security hooks that allow security modules to parse mount options. On a good day they look like: security_mnt_opts opts; char *secdata; secdata = alloc_secdata(); security_sb_copy_data("a,mount,options,string", secdata); security_init_mnt_opts(&opts); security_parse_opts_str(secdata, &opts); security_set_mnt_opts(sb, &opts, 0, NULL); security_free_mnt_opts(&opts); In practice however things are not that explicit. With security_sb_kern_mount performing all of the mnt_opts work. However after the rewrite in the patchset. The function sb_kern_mount no longer exists and it's replacement sb_get_tree out of necessity does not call parse_opts_str. This is because the mount options can no longer be passed as a string. The legacy compatibility code also does not call sb_parse_opts_str. The result is using the existing apis all of the security module command line parsing except for (btrfs and nfs) no longer works. The changes are not structured in a way that makes any of this easy to find. Which is why I have been saying I wouldn't do it that way. It also is the case that this pattern repeats through out the patches. Replacing code with something brand new, instead of evolving what is there. That makes it easy for this kind of thing to slip through. Eric