From: Casey Schaufler <casey@schaufler-ca.com>
To: Miklos Szeredi <miklos@szeredi.hu>, eparis@redhat.com
Cc: miklos@szeredi.hu, sds@tycho.nsa.gov, jmorris@namei.org,
linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH -v2] SELinux/LSM: display SELinux mount options in /proc/mounts
Date: Tue, 8 Apr 2008 08:09:18 -0700 (PDT) [thread overview]
Message-ID: <386168.30366.qm@web36608.mail.mud.yahoo.com> (raw)
In-Reply-To: <E1JjBuK-0001nc-LU@pomaz-ex.szeredi.hu>
--- Miklos Szeredi <miklos@szeredi.hu> wrote:
> > This patch causes SELinux mount options to show up in /proc/mounts. As
> > with other code in the area seq_put errors are ignored. Other LSM's
> > will not have their mount options displayed until they fill in their own
> > security_sb_show_options() function.
> >
> > Signed-off-by: Eric Paris <eparis@redhat.com>
> > Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
> >
> > ---
> >
> > This patch is against a merged vfs-2.6:vfs-2.6.25 and selinux:for-akpm
> > repo. It requires the a6307a583a073f85c38399c1e2c21dfe2d6a3da0
> > changeset in jame's repo to compile. I'll let you and James decide if
> > we should push it through the VFS tree or the SELinux tree....
> >
> > Only change from the last patch is the addition of " around mount
> > options which contain a comma example:
> > server:/export/ /import nfs
>
rw,context="system_u:object_r:httpd_sys_content_t:s0:c1,c3",vers=3,rsize=32768,wsize=32768,hard,proto=tcp,timeo=600,retrans=2,sec=sys,addr=X.X.X.X
> 0 0
>
> Looks good.
>
> Since the patch is dependent on stuff in the selinux repo, it should
> go via that tree.
>
> Even better would be if the non-selinux part was split off into a
> separate patch and gone through -mm, to let the interface changes get
> extra review.
I concur. Sorry that I have not been more active on reviewing this.
Casey Schaufler
casey@schaufler-ca.com
next prev parent reply other threads:[~2008-04-08 15:09 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-01 17:24 [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts Eric Paris
2008-04-01 17:24 ` Eric Paris
2008-04-02 9:16 ` Miklos Szeredi
2008-04-02 12:53 ` Eric Paris
2008-04-02 14:43 ` Eric Paris
2008-04-02 14:48 ` Stephen Smalley
2008-04-02 15:04 ` Miklos Szeredi
2008-04-02 14:50 ` Miklos Szeredi
2008-04-02 15:06 ` Stephen Smalley
2008-04-02 15:14 ` Stephen Smalley
2008-04-04 22:22 ` [PATCH -v2] SELinux/LSM: " Eric Paris
2008-04-08 11:22 ` Miklos Szeredi
2008-04-08 15:09 ` Casey Schaufler [this message]
2008-04-08 22:36 ` James Morris
2008-04-08 22:42 ` Eric Paris
2008-04-09 2:45 ` James Morris
2008-04-09 7:53 ` Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=386168.30366.qm@web36608.mail.mud.yahoo.com \
--to=casey@schaufler-ca.com \
--cc=eparis@redhat.com \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.