On Tue, 19 Sept 2023 at 18:48, Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > Ideally we avoid multiple capable(CAP_SYS_ADMIN) calls by only doing it > > once and saving the return value. capable() call's aren't that cheap. > > Agreed. The capability check doesn't do any subject/object > comparisons so calling it for each mount is overkill. However, I > would think we would want the LSM hook called from inside the loop as > that could involve a subject (@current) and object (individual mount > point) comparison. The security_sb_statfs() one? Should a single failure result in a complete failure? Why is it not enough to check permission on the parent? Thanks, Miklos
