| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Xine.LNX.4.64.0803191003480.14598@us.intercode.com.au> Date: Wed, 19 Mar 2008 10:04:16 +1100 (EST) From: James Morris <jmorris@...ei.org> To: Miklos Szeredi <miklos@...redi.hu> cc: akpm@...ux-foundation.org, hch@...radead.org, serue@...ibm.com, viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, sds@...ho.nsa.gov, eparis@...hat.com, linux-security-module@...r.kernel.org Subject: Re: [patch 00/11] mount ownership and unprivileged mount syscall (v9) On Tue, 18 Mar 2008, Miklos Szeredi wrote: > > We might need a user_mount hook which is called once the core kernel code > > determines that it is a a valid unprivileged mount (although the sb_mount > > hook will already have been called, IIUC). > > Does the order matter between core code's and the security module's > permission checks? Yes, the model is DAC before MAC. > If it does, the cleanest would be to just move the > core checks before the sb_mount hook, no? Correct. -- James Morris <jmorris@...ei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists