Hi, > I'm reading this thread on tenterhooks. > If vfsmount is passed to VFS helper functions, that will make > r/o bind mounts and AppArmor and TOMOYO Linux happy. > But so far, it seems that "passing vfsmount makes things complicated". If done right, it shouldn't. At least it didn't seem to complicate the parts that I've touched ;) > If the conclusion became "vfsmount should not be passed to > VFS helper functions", that's OK, but I want you to consider > the below approach for AppArmor and TOMOYO Linux. This patch is a repost of > http://kerneltrap.org/mailarchive/linux-fsdevel/2008/2/17/882024 . I'm not a big fan of adding new security hooks. Nor of moving the existing ones to callers. Miklos -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
