From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Paris Subject: Re: NFS/LSM: allow NFS to control all of its own mount options Date: Wed, 20 Feb 2008 08:56:58 -0500 Message-ID: <1203515818.2928.138.camel@localhost.localdomain> References: <1203457094.2928.113.camel@localhost.localdomain> <20080219222408.GB10656@infradead.org> <1203515410.9902.128.camel@moss-spartans.epoch.ncsc.mil> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Cc: Miklos Szeredi , hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org, linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org, linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, steved-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, jmorris-gx6/JNMH7DfYtjvyW6yDsg@public.gmane.org, casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org, trond.myklebust-41N18TsMXrtuMpJDpNschA@public.gmane.org, chuck.lever-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org, linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Stephen Smalley Return-path: In-Reply-To: <1203515410.9902.128.camel-/ugcdrsPCSfIm9DtXLC9OUVfdvkotuLY+aIohriVLy8@public.gmane.org> Sender: linux-nfs-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: linux-fsdevel.vger.kernel.org On Wed, 2008-02-20 at 08:50 -0500, Stephen Smalley wrote: > On Wed, 2008-02-20 at 11:08 +0100, Miklos Szeredi wrote: > > > Please don't introduce a special case for just nfs. All filesystems > > > should control their mount options, so please provide some library > > > helpers for context= handling and move it into all filesystems that > > > can support selinux. > > > > Hmm, looks like selinux is not showing it's mount options in > > /proc/mounts. Well, actually there's no infrastructure for it either. > > Here's a template patch (completely untested). > > I think the intent is to use the security_sb_get_mnt_opts() hook for > this purpose. It was. I already knew about this issue and its 'on my list.' Although I guess we need a something ?new LSM hook? which will translate the sb_get_mnt_opts stuff into a single text string. Or I guess really that can be done in you sb_show_options and I can just use sb_get_mnt_opts under the covers. Anyway, unrelated issue that will get fixed as soon as this real BUG() is fixed. -Eric - To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html